Snort mailing list archives

Dectecting Social Security Numbers?

From: "Lyons, Jon" <Jon_Lyons () enh org>
Date: Fri, 10 Sep 2004 13:01:44 -0500

 
I'm trying to get snort to generate an alert for SS#'s, I've tried the
rule below but no alerts are generated. I tested this with pcretest and
it works...am I missing something?
alert tcp any any -> any any (msg:"Socail Security Number Clear Text";
pcre:"m!(\d\d\d[-/]\d\d[-/]\d\d\d\d)\Z!";)

Current thread:

Dectecting Social Security Numbers? Lyons, Jon (Sep 10)
- Re: Dectecting Social Security Numbers? Adam Levy (Sep 10)
  - Stealth network card Carlos M Ospina (Sep 10)
    - Re: Stealth network card sekure (Sep 10)
- Message not available
  - Re: Dectecting Social Security Numbers? Matt Kettler (Sep 10)
- <Possible follow-ups>
- Re: Dectecting Social Security Numbers? Dan Fiorito (Sep 10)
- RE: Dectecting Social Security Numbers? Harper, Patrick (Sep 10)
  - Message not available
    - RE: Dectecting Social Security Numbers? Matt Kettler (Sep 10)
  - Re: Dectecting Social Security Numbers? Brian (Sep 10)
- RE: Dectecting Social Security Numbers? Lyons, Jon (Sep 10)
- RE: Dectecting Social Security Numbers? Harper, Patrick (Sep 10)