IDS mailing list archives
Re: Using Snort to find creditcard data?
From: Mike Lococo <mike.lococo () nyu edu>
Date: Thu, 27 Sep 2007 17:53:48 -0400
> Would it be possible to write a Snort rule that triggers on possible creditcard numbers and what would it look like? PCI standards say that all creditcard data should be encrypted. It would be nice to verify that no card data shows up where it shouldn't...

Cornell Spider is a data-at-rest scanning program that looks for SSNs and CCNs. It's open source, though, and has regexes for both that you can steal, along with a Luhn validator for CC stuff (I'm not sure if this is implemented in a regex or something more complex that would be hard to port to a Snort rule). Be prepared for false positives, though, potentially a large number if you have significant bandwidth. They'll show up in random binary data pretty often.

Thanks,
Mike
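
The regex-plus-Luhn approach mentioned in the reply, sketched as an added example (not part of the original thread and not Cornell Spider's code). The pattern, the function names and the sample payload are assumptions constructed for illustration; the card numbers are the widely published 4111... test value and deliberately invalid variants.

```python
import re

# Candidate PAN: 13-19 digits, optionally split by single spaces or hyphens,
# and not embedded in a longer run of digits. Bytes pattern so it can be run
# directly over raw payloads, including binary data.
CANDIDATE = re.compile(rb"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(payload: bytes):
    """Return (offset, digits) for regex candidates that also pass Luhn."""
    hits = []
    for m in CANDIDATE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_ok(digits):
            hits.append((m.start(), digits))
    return hits


def mask(digits: str) -> str:
    """Keep only the last four digits so the alert itself stores no PAN."""
    return "*" * (len(digits) - 4) + digits[-4:]


# Constructed sample payload: one Luhn-valid test number, one 16-digit order
# id and one near-miss number that both match the regex but fail Luhn.
SAMPLE = (b"POST /checkout HTTP/1.1\r\n\r\n"
          b"card=4111-1111-1111-1111&order=1234567890123456"
          b"&alt=4111 1111 1111 1112\x00\xff")

if __name__ == "__main__":
    for offset, digits in find_card_numbers(SAMPLE):
        print(f"offset {offset}: possible card number {mask(digits)}")
```

The regex alone flags all three digit runs in the sample; Luhn leaves one. Because the check digit is computed modulo 10, about one in ten random 13-19 digit runs still passes, which is why false positives in binary data remain.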