Snort mailing list archives

Re: how to detect CC attack


From: Jamie Riden <jamie.riden () gmail com>
Date: Wed, 2 May 2012 07:37:02 +0100

2012/5/2 闫振宇 <yanzhenyu () 55tuan com>

> Hello everyone,
> I want to detect CC attack with Snort. Has anyone got any idea?

What is a "CC attack"?

If you mean credit card numbers, I've found the rule that matches 16 digits
in a row tends to give false positives. It usually gets disabled, like the
SSN# one.

If you mean stealing credit card numbers, you'd need to look at which
server they live on, and likely paths for an attacker to export them out of
your organisation if they did manage to compromise the box.

cheers,
 Jamie
-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

