Snort mailing list archives

Re: Detect Credit Card number in attached file


From: "Russ Combs (rucombs)" <rucombs () cisco com>
Date: Thu, 20 Mar 2014 21:25:43 +0000

Just to help narrow down the problem, can you write a file_data rule to match a credit card number in the email 
attachment to see if it fires?

________________________________
From: hosein izadi [fhoseinh () yahoo com]
Sent: Thursday, March 20, 2014 3:47 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Detect Credit Card number in attached file

Hello,

I have a rule in place to detect credit card information that is passing through my network. Here is a rule:

alert tcp any any -> any any (msg:"Credit card number over email"; gid:138; sid:1000; rev:1; sd_pattern:2,credit_card; metadata:service smtp;)

With this rule in place, Snort detects credit card numbers that are clear text and are in the body of the email, but if credit card numbers are inside the attached file in the email, Snort does not detect that.

Any idea how we can get this to work?

Thanks,
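
An added illustration, not part of the original thread and not Snort code: assuming the attachment is base64-encoded for transport (the usual case for MIME attachments), the digits never appear in the raw SMTP payload, so a pattern applied to undecoded bytes cannot match them, while the same pattern applied to the decoded attachment does. The Python below uses a constructed message and a standard test number; all function names are hypothetical.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

TEST_PAN = "4111 1111 1111 1111"  # constructed sample: a standard test number
# 15-16 digits, optionally separated by single spaces or dashes
CANDIDATE = re.compile(rb"(?<!\d)(?:\d[ -]?){14,15}\d(?!\d)")

def build_sample():
    """Constructed message: the number appears only inside the attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    msg["Subject"] = "invoice"
    msg.set_content("See attached.")
    msg.add_attachment(f"card: {TEST_PAN}\n".encode(), maintype="application",
                       subtype="octet-stream", filename="invoice.dat")
    msg.set_boundary("sample-boundary")  # fixed so the output is repeatable
    return msg.as_bytes()

def luhn_ok(digits):
    """Luhn checksum, used here to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(data):
    """Return Luhn-valid card-number candidates found in a byte string."""
    found = []
    for m in CANDIDATE.finditer(data):
        digits = re.sub(rb"\D", b"", m.group()).decode()
        if luhn_ok(digits):
            found.append(digits)
    return found

def scan_wire(raw):
    """Match against the bytes as they cross the network (still encoded)."""
    return find_pans(raw)

def scan_decoded(raw):
    """Decode each MIME part first, then match on the decoded content."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if not part.is_multipart():
            hits += find_pans(part.get_payload(decode=True) or b"")
    return hits

if __name__ == "__main__":
    raw = build_sample()
    print("wire:", scan_wire(raw), "decoded:", scan_decoded(raw))
```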

