It is absolutely possible for common representations and protocols. I would suggest a dedicated rules set to be maximally effective. You will want to use a series of rules for valid prefix numbers qualified with a PCRE.
A candidate for the PCRE might be here http://dotnetslackers.com/Regex/re-7525_Regex_Credit_Card_Validation_Matches_Switch_Solo_Visa_MasterCard_and_Discover_in_4_4_4_4_4_4.aspx google can point you towards all of the relevant data. [EMAIL PROTECTED] wrote: > Would it be possible to write a Snort rule that triggers on possible > creditcard numbers and how would it look like? > > PCI standars says that all creditcard data should be encrypted, It > woild be nice to verify that no card data shows up where it > shouldn't... > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? Find out quickly and easily by > testing it with real-world attacks from CORE IMPACT. Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > to learn more. > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
