IDS mailing list archives
RE: Using Snort to find creditcard data?
From: "Srinivasa Addepalli" <srao () intoto com>
Date: Fri, 28 Sep 2007 00:03:56 -0700
Hi,

Credit card numbers are typically 13 to 16 digits long. You can write a signature to look for 13 to 16 continuous digits. There could be some cases where it can generate false positives. You may have to live with false positives in snort. I don't think snort has any keyword to check whether a sequence of digits represents a credit card number. Note that the Luhn formula is one method to check whether digits represent a credit card number.

In addition to this, the administrator can create rules himself to filter out clear connections that are expected to be secured by SSL. He/She can make a list of URLs that must be under SSL protection and ensure that these URLs are not seen in HTTP requests in clear.

Srini

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jerikl75 () gmail com
Sent: Wednesday, September 26, 2007 12:36 PM
To: focus-ids () securityfocus com
Subject: Using Snort to find creditcard data?

Would it be possible to write a Snort rule that triggers on possible credit card numbers, and what would it look like? PCI standards say that all credit card data should be encrypted. It would be nice to verify that no card data shows up where it shouldn't...
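The approach from the reply above (match runs of 13 to 16 digits, then apply the Luhn check to cut false positives) as a standalone payload scanner. This is an added example, not code from the thread or from Snort; the function names, the tolerance for space or hyphen separators, the masking of hits and the sample payloads are assumptions constructed for illustration.

```python
import re

# 13 to 16 digits, optionally separated by single spaces or hyphens,
# and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def raw_candidates(payload: str) -> list:
    """What a digits-only signature would fire on (no Luhn filtering)."""
    return [re.sub(r"[ -]", "", m.group()) for m in CANDIDATE.finditer(payload)]


def scan(payload: str) -> list:
    """Return (offset, masked_number) for digit runs that also pass Luhn."""
    hits = []
    for m in CANDIDATE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            # Keep first 6 / last 4 only so the alert does not store the number.
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            hits.append((m.start(), masked))
    return hits


# Constructed cleartext HTTP bodies; card values are well-known test numbers.
SAMPLES = [
    "card=4111111111111111&order=1234567890123456&ts=20070928000356",
    "pan=4111-1111-1111-1111",
    "old_card=4222222222222",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(len(raw_candidates(body)), "candidate(s) ->", scan(body))
```

In the first sample the digits-only match fires three times (card, order id, timestamp), while the Luhn-filtered scan reports only the card field.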