IDS mailing list archives

Re: Using Snort to find creditcard data?


From: Mike Lococo <mike.lococo () nyu edu>
Date: Thu, 27 Sep 2007 17:53:48 -0400

Would it be possible to write a Snort rule that triggers on possible
credit card numbers, and what would it look like? PCI standards say that
all credit card data should be encrypted. It would be nice to verify
that no card data shows up where it shouldn't...

Cornell Spider is a data-at-rest scanning program that looks for SSNs
and CCNs.  It's open source, though, and has regexes for both that you
can steal, along with a Luhn validator for CC stuff (I'm not sure if
this is implemented in a regex or something more complex that would be
hard to port to a snort rule).

Be prepared for false positives, though, potentially a large number if
you have significant bandwidth.  They'll show up in random binary data
pretty often.

Thanks,
Mike
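
The regex-plus-Luhn approach discussed above, as an added example that is not part of the original post and is not Cornell Spider's code; the pattern, function names and sample payloads are assumptions constructed for illustration. It also counts how many consecutive 16-digit integers pass Luhn, which shows why the checksum alone still leaves false positives in arbitrary data.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens, and not
# part of a longer digit run (the lookarounds reject 20+ digit sequences).
CANDIDATE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(payload: bytes) -> list[str]:
    """Return digit strings in payload that match the pattern and pass Luhn."""
    hits = []
    for m in CANDIDATE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def luhn_pass_count(start: int, count: int) -> int:
    """How many of `count` consecutive integers from `start` pass Luhn."""
    return sum(luhn_ok(str(n)) for n in range(start, start + count))


# Constructed sample payloads (4111 1111 1111 1111 is a widely used test number).
SAMPLES = [
    b"POST /pay HTTP/1.1\r\n\r\ncard=4111 1111 1111 1111&exp=12/09",
    b"GET /track?order_id=1234567890123456 HTTP/1.1",  # 16 digits, fails Luhn
    b"blob:41111111111111110000000\x00\x7f",           # 23-digit run, skipped
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(find_card_numbers(s), s[:40])
    # Luhn alone passes one in ten arbitrary digit strings:
    print(luhn_pass_count(4000000000000000, 1000), "of 1000 pass")
```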
