Re: Using Snort to find creditcard data?

[Thrynn <thrynn404 () gmail com>]

To answer your question: yes, you could write a rule using a regular
expression. However, I would suspect it would result in a high false
positive rate due to the formatting (hyphens, space, etc). Also, a
string of numbers does not make a credit card.

So to do it right, you would have to write a plugin that takes the
numbers and determines if they are a credit card or not. The luhn
algorithm is very simple.

On 26 Sep 2007 19:35:42 -0000, jerikl75 () gmail com <jerikl75 () gmail com> wrote:
> Would it be possible to write a Snort rule that triggers on possible creditcard numbers and how would it look like?
>
> PCI standars says that all creditcard data should be encrypted, It woild be nice to verify that no card data shows up 
> where it shouldn't...
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------