IDS mailing list archives

RE: Using Snort to find creditcard data?


From: "Srinivasa Addepalli" <srao () intoto com>
Date: Fri, 28 Sep 2007 00:03:56 -0700

Hi,

Credit card numbers are typically 13 to 16 digits long. You can write a
signature to look for 13 to 16 continuous digits. There could be some cases
where it can generate false positives. You may have to live with false
positives in Snort. I don't think Snort has any keyword to check whether a
sequence of digits represents a credit card number. Note that the Luhn formula
is one method to check whether digits represent a credit card number.

In addition to this, the administrator can create rules himself to filter out
clear connections that are expected to be secured by SSL. He/She can make
a list of URLs that must be under SSL protection and ensure that these URLs
are not seen in HTTP requests in the clear.

Srini



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of jerikl75 () gmail com
Sent: Wednesday, September 26, 2007 12:36 PM
To: focus-ids () securityfocus com
Subject: Using Snort to find creditcard data?

Would it be possible to write a Snort rule that triggers on possible
credit card numbers, and what would it look like?
The PCI standard says that all credit card data should be encrypted; it would be
nice to verify that no card data shows up where it shouldn't...
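
Added example, not part of either message above: the two-stage check the reply describes (find runs of 13 to 16 contiguous digits, then apply the Luhn formula to cut false positives), written as offline post-processing of captured payloads. The function names and the sample payloads are constructed for illustration; the numbers are test values, not real cards.

```python
import re

# Runs of 13 to 16 contiguous ASCII digits that are not part of a longer run.
DIGIT_RUN = re.compile(rb"(?<![0-9])[0-9]{13,16}(?![0-9])")


def luhn_valid(digits: bytes) -> bool:
    """Return True if the ASCII digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 0x30                 # ASCII digit -> integer
        if i % 2 == 1:                # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_candidates(payload: bytes):
    """Return [(offset, masked_number, luhn_ok)] for each digit run found."""
    hits = []
    for m in DIGIT_RUN.finditer(payload):
        run = m.group()
        # Mask all but the last four digits so the report itself holds no card data.
        masked = "*" * (len(run) - 4) + run[-4:].decode()
        hits.append((m.start(), masked, luhn_valid(run)))
    return hits


# Constructed sample payloads (cleartext HTTP fragments).
SAMPLES = [
    b"POST /pay HTTP/1.1\r\n\r\ncard=4111111111111111&exp=0109",  # Luhn-valid
    b"GET /track?id=1234567890123456 HTTP/1.1\r\n",               # 16 digits, fails Luhn
    b"card=4222222222222",                                        # 13 digits, Luhn-valid
    b"session=12345678901234567890",                              # 20 digits, ignored
]

if __name__ == "__main__":
    for payload in SAMPLES:
        for offset, masked, ok in find_candidates(payload):
            verdict = "possible card number" if ok else "digit run only"
            print(f"offset {offset}: {masked} -> {verdict}")
```

The Luhn step removes most random digit runs but not all of them: roughly one in ten arbitrary runs still passes, so hits remain candidates for review.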



