Re: Using Snort to find creditcard data?

[Martin Roesch <roesch () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I actually wrote a little function that'll run the Luhn algorithm to  
find CC numbers, I just haven't taken the time to get it into the  
codebase.  The primary challenge from a usage standpoint is figuring  
out where to point it, you don't want to run it on just arbitrary  
data after all....

        -Marty


On Sep 27, 2007, at 5:51 PM, Stefano Zanero wrote:

> jerikl75 () gmail com wrote:
> > Would it be possible to write a Snort rule that triggers on  
> > possible creditcard numbers and how would it look like?
> > PCI standars says that all creditcard data should be encrypted, It  
> > woild be nice to verify that no card data shows up where it  
> > shouldn't...
>
> Something like
> http://regexlib.com/REDetails.aspx?regexp_id=340
>
> In a PCRE field ?
>
> Stefano
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5? 
> module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ---------------------------------------------------------------------- 
> --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFHAR1Nqj0FAQQ3KOARAowyAJ0fEphHParxbWGL1d+p7UP1JmXMZACcCAh7
R449oSbCHjWGMOfxLD4aqMA=
=Ub7E
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------