Educause Security Discussion mailing list archives

Re: Software that scans for SSN

From: Ramon Hermida <RHERMIDA () PANAM EDU>
Date: Wed, 28 Sep 2005 08:09:40 -0500

We did not notice much of a CPU spike on our systems.  When it comes to false positives, we get a relatively small 
number (maybe 10-15 alerts for the entire week).

In fact, there are a few snort rules for SSNs/CCs; check the rulesets at
bleedingsnort.com, specifically bleeding-policy.rules, sids
2001375-2001383.


For the guys who've tried the snort SSN sigs - what kind of results did
you get?

We loaded *only* the SSN sigs, and the cpu spiked to 99% and dropped
most of the packets on the wire. Have you guys really been getting
different results?

Current thread:

Software that scans for SSN Leila Lyons (Sep 27)
- <Possible follow-ups>
- Re: Software that scans for SSN Gary Golomb (Sep 27)
- Re: Software that scans for SSN Ramon Hermida (Sep 27)
- Re: Software that scans for SSN Lee Weers (Sep 27)
- Re: Software that scans for SSN Lee Weers (Sep 27)
- Re: Software that scans for SSN Jeff Kell (Sep 27)
- Re: Software that scans for SSN Gary Golomb (Sep 28)
- Re: Software that scans for SSN Ramon Hermida (Sep 28)
- Re: Software that scans for SSN Cam Beasley, ISO (Sep 28)
- Re: Software that scans for SSN Graham Toal (Sep 28)