Hi, Credit card numbers are typically 13 to 16 digits long. You can write a signature to look for 13 to 16 continuous digits. There could be some cases where it can generate false positives. You may have to live with false positives in snort. I don't think snort has any keyword to check sequence of digits represent a credit card number. Note that Luhn formula is one method to check whether digits represent a credit card number.
In addition to this administrator can create rules himself to filter out clear connections that are expected to be secured by SSL. He/She can make list of URLs that must be under SSL protection and ensure that these URLs are not seen in HTTP requests in clear. Srini -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 26, 2007 12:36 PM To: [email protected] Subject: Using Snort to find creditcard data? Would it be possible to write a Snort rule that triggers on possible creditcard numbers and how would it look like? PCI standars says that all creditcard data should be encrypted, It woild be nice to verify that no card data shows up where it shouldn't... ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in tro_sfw to learn more. ------------------------------------------------------------------------ ******************************************************************************** This email message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential, proprietary and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately notify the sender by reply email and destroy all copies of the original message. Thank you. Intoto Inc. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
