Re: Using Snort to find creditcard data?

["Jason Ross" <algorythm () gmail com>]

jerikl75 () gmail com <jerikl75 () gmail com> wrote:
> Would it be possible to write a Snort rule that triggers on possible
> creditcard numbers and how would it look like?

I'm pretty sure that it's possible, but what it would like is largely
dependant on the applications which are sending the credit card data,
as the payload of the packets will vary based how a given application
sends the numbers.

There's a handy list of test credit card numbers available at :
https://www.paypal.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm

That may be helpful for developing your own ruleset for your particular
apps; at the very least, it provides a concise list which can be used
for pattern matching...

--
Jason

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------