Educause Security Discussion mailing list archives
Re: Software that scans for SSN
From: Ramon Hermida <RHERMIDA () PANAM EDU>
Date: Wed, 28 Sep 2005 08:09:40 -0500
We did not notice much of a CPU spike on our systems. When it comes to false positives, we get a relatively small number (maybe 10-15 alerts for the entire week).
In fact, there are a few snort rules for SSNs/CCs; check the rulesets at bleedingsnort.com, specifically bleeding-policy.rules, sids 2001375-2001383.
For the guys who've tried the snort SSN sigs - what kind of results did you get? We loaded *only* the SSN sigs, and the cpu spiked to 99% and dropped most of the packets on the wire. Have you guys really been getting different results?
Current thread:
- Software that scans for SSN Leila Lyons (Sep 27)
- <Possible follow-ups>
- Re: Software that scans for SSN Gary Golomb (Sep 27)
- Re: Software that scans for SSN Ramon Hermida (Sep 27)
- Re: Software that scans for SSN Lee Weers (Sep 27)
- Re: Software that scans for SSN Lee Weers (Sep 27)
- Re: Software that scans for SSN Jeff Kell (Sep 27)
- Re: Software that scans for SSN Gary Golomb (Sep 28)
- Re: Software that scans for SSN Ramon Hermida (Sep 28)
- Re: Software that scans for SSN Cam Beasley, ISO (Sep 28)
- Re: Software that scans for SSN Graham Toal (Sep 28)