Full Disclosure mailing list archives

Re: Snort Signature to detect credit cards


From: Siim Põder <siim () p6drad-teel net>
Date: Fri, 09 May 2008 11:38:47 +0300

Randal T. Rioux wrote:
FYI - http://www.emergingthreats.net

This was discussed on the snort-sigs mailing list back in 2003. Check out
http://marc.info/?l=snort-sigs&m=106601612825950&w=2

Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
contains some PCRE CC# checks. This will show you some:

I wrote a dynamic plugin for detecting CC numbers (requires Snort 2.6+):

http://p6drad-teel.net/~windo/release/creditcard.tar.gz

It checks prefixes (Visa/Amex/etc.), number length and the Luhn code (the
last digit) + allows arbitrary grouping by dashes and/or spaces.

Siim
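
The three checks named in the message above (issuer prefix, number length, Luhn check digit, with dashes or spaces allowed between digits), as an added stand-alone C example; it is not the code of the linked plugin and does not use the Snort plugin API. The function name `find_card`, the prefix/length table (a small subset) and the rule that only a single separator may sit between two digits are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Luhn: from the right, double every second digit; sum must be 0 mod 10. */
static int luhn_ok(const int *d, int n) {
    int sum = 0;
    for (int i = 0; i < n; i++) {
        int v = d[n - 1 - i];
        if (i % 2 == 1) { v *= 2; if (v > 9) v -= 9; }
        sum += v;
    }
    return sum % 10 == 0;
}

/* Assumed subset of issuer prefixes and lengths, not the plugin's table. */
static const char *brand(const int *d, int n) {
    int p2 = d[0] * 10 + d[1];
    if (d[0] == 4 && (n == 13 || n == 16)) return "visa";
    if ((p2 == 34 || p2 == 37) && n == 15) return "amex";
    if (p2 >= 51 && p2 <= 55 && n == 16) return "mastercard";
    return NULL;
}

/* Returns the brand of the first card number in buf[0..len), or NULL. */
const char *find_card(const char *buf, size_t len) {
    for (size_t s = 0; s < len; s++) {
        if (!isdigit((unsigned char)buf[s]) ||
            (s > 0 && isdigit((unsigned char)buf[s - 1])))
            continue; /* candidates start at the head of a digit run */
        int d[16], n = 0;
        for (size_t i = s; i < len && n < 16; i++) {
            unsigned char c = (unsigned char)buf[i];
            int more = i + 1 < len && isdigit((unsigned char)buf[i + 1]);
            if (isdigit(c)) {
                d[n++] = c - '0';
                /* test only where the digit run pauses, so long runs are skipped */
                const char *b = (n >= 13 && !more) ? brand(d, n) : NULL;
                if (b && luhn_ok(d, n)) return b;
            } else if (!((c == ' ' || c == '-') && more)) {
                break; /* anything but one separator between digits ends it */
            }
        }
    }
    return NULL;
}
```

The function takes a length rather than relying on a terminating NUL because packet payloads are not C strings. Requiring the digit run to pause at a valid length keeps long numeric strings such as order IDs or timestamps from matching on a 16-digit window.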
