IDS mailing list archives
Re: Using Snort to find creditcard data?
From: Siim Põder <siim () p6drad-teel net>
Date: Wed, 10 Oct 2007 11:41:17 +0300
Yo jerikl75 () gmail com wrote:
Would it be possible to write a Snort rule that triggers on possible creditcard numbers and how would it look like? PCI standars says that all creditcard data should be encrypted, It woild be nice to verify that no card data shows up where it shouldn't...
I wrote a dynamic rule for this. It does the Luhn check (as i understood it) and prefix/length verification. It's a quick implementation and probably uses a tad too much of CPU time, but seems to work. Any suggestions/improvements are welcome. http://p6drad-teel.net/~windo/jama/creditcard_number.c add it to so_rules and add "creditcard" to libs := section in the Makefile Siim ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Using Snort to find creditcard data?, (continued)
- Re: Using Snort to find creditcard data? Ron Gula (Oct 01)
- Re: Using Snort to find creditcard data? Jason (Oct 01)
- RE: Using Snort to find creditcard data? Srinivasa Addepalli (Oct 01)
- Re: Using Snort to find creditcard data? Thrynn (Oct 01)
- Re: Using Snort to find creditcard data? Jason Ross (Oct 01)
- RE: Using Snort to find creditcard data? Ofer Shezaf (Oct 02)
- RE: Using Snort to find creditcard data? Craig Chamberlain (Oct 16)
- Re: Using Snort to find creditcard data? Siim Põder (Oct 18)
- Message not available
- Re: Using Snort to find creditcard data? Siim Põder (Oct 19)
- RE: Using Snort to find creditcard data? Craig Chamberlain (Oct 19)
- RE: Using Snort to find creditcard data? Craig Chamberlain (Oct 16)