[Full-disclosure] Snort Signature to detect credit cards
Siim Põder
siim at p6drad-teel.net
Fri May 9 09:38:47 BST 2008
Randal T. Rioux wrote:
> FYI - http://www.emergingthreats.net
>
> This was discussed on the snort-sigs mailing list back in 2003. Check out
> http://marc.info/?l=snort-sigs&m=106601612825950&w=2
>
> Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
> contains some PCRE CC# checks. This will show you some:
I wrote a dynamic plugin for detecting CC numbers (requires snort 2.6+):
http://p6drad-teel.net/~windo/release/creditcard.tar.gz
It checks prefixes (visa/amex/etc), number length and the luhn code (the
last digit) + allows arbitrary grouping by dashes and/or spaces.
Siim
Full-Disclosure is hosted and sponsored by Secunia.