Yo [EMAIL PROTECTED] wrote: > Would it be possible to write a Snort rule that triggers on possible > creditcard numbers and how would it look like? PCI standars says that > all creditcard data should be encrypted, It woild be nice to verify > that no card data shows up where it shouldn't...
I wrote a dynamic rule for this. It does the Luhn check (as i understood it) and prefix/length verification. It's a quick implementation and probably uses a tad too much of CPU time, but seems to work. Any suggestions/improvements are welcome. http://p6drad-teel.net/~windo/jama/creditcard_number.c add it to so_rules and add "creditcard" to libs := section in the Makefile Siim ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
