Mailing List Archive: Full Disclosure: Full-Disclosure

Snort Signature to detect credit cards

Full Disclosure full-disclosure RSS feed

Index | Next | Previous | View Threaded

wilder_jeff at msn

May 8, 2008, 11:44 AM

Post #1 of 10 (359 views)
Permalink

Snort Signature to detect credit cards

Does anyone have a snort signature to detect credit cards or social security numbers?

Thank you in advance,

Jeff

ivanhec at gmail

May 8, 2008, 4:04 PM

Post #2 of 10 (342 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

write your own?

http://www.google.com.au/search?hl=en&q=write+your+own+snort+rules&btnG=Google+Search&meta=

On Fri, May 9, 2008 at 4:44 AM, wilder_jeff Wilder <wilder_jeff[at]msn.com> wrote:
>
>
> Does anyone have a snort signature to detect credit cards or social
> security numbers?
>
> Thank you in advance,
>
> Jeff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

chris at jacob-solutions

May 8, 2008, 5:15 PM

Post #3 of 10 (336 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

Jeff,

This isn't hard to do. Regular Expressions are your friends. :)

Google for PCRE.

Just a word of caution. This type of detection tends to be
computationally expensive.

Good Luck,,,

~chris

On May 8, 2008, at 2:44 PM, wilder_jeff Wilder wrote:

>
> Does anyone have a snort signature to detect credit cards or social
> security numbers?
>
> Thank you in advance,
>
> Jeff
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

sixsigma98 at hotmail

May 8, 2008, 5:23 PM

Post #4 of 10 (339 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

The free rule sets from http://www.emergingthreats.com have this capability. Look in the Policy section.

RAy

From: wilder_jeff[at]msn.com
To: full-disclosure[at]lists.grok.org.uk
Date: Thu, 8 May 2008 12:44:15 -0600
Subject: [Full-disclosure] Snort Signature to detect credit cards

Does anyone have a snort signature to detect credit cards or social security numbers?

Thank you in advance,

Jeff

_________________________________________________________________
Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics.
http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008

simon at snosoft

May 8, 2008, 8:02 PM

Post #5 of 10 (331 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

You sure you got that URL right?

Ray P wrote:
> The free rule sets from http://www.emergingthreats.com have this
> capability. Look in the Policy section.
>
> RAy
>
> ------------------------------------------------------------------------
> From: wilder_jeff[at]msn.com
> To: full-disclosure[at]lists.grok.org.uk
> Date: Thu, 8 May 2008 12:44:15 -0600
> Subject: [Full-disclosure] Snort Signature to detect credit cards
>
>
> Does anyone have a snort signature to detect credit cards or social
> security numbers?
>
> Thank you in advance,
>
> Jeff
>
>
> ------------------------------------------------------------------------
> Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
> <http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--

- simon

----------------------
http://www.snosoft.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

skodliv at gmail

May 9, 2008, 12:59 AM

Post #6 of 10 (319 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

exactly what do you want to achieve with this signature?
need money for porn?

On Fri, May 9, 2008 at 5:02 AM, Simon Smith <simon[at]snosoft.com> wrote:

> You sure you got that URL right?
>
> Ray P wrote:
> > The free rule sets from http://www.emergingthreats.com have this
> > capability. Look in the Policy section.
> >
> > RAy
> >
> >
> ------------------------------------------------------------------------
> > From: wilder_jeff[at]msn.com
> > To: full-disclosure[at]lists.grok.org.uk
> > Date: Thu, 8 May 2008 12:44:15 -0600
> > Subject: [Full-disclosure] Snort Signature to detect credit cards
> >
> >
> > Does anyone have a snort signature to detect credit cards or social
> > security numbers?
> >
> > Thank you in advance,
> >
> > Jeff
> >
> >
> > ------------------------------------------------------------------------
> > Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
> > <http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008<http://joinred.spaces.live.com/?ocid=TXT_HMTG_prodredemoticons_052008>
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
>
> - simon
>
> ----------------------
> http://www.snosoft.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
smile tomorrow will be worse

randy at procyonlabs

May 9, 2008, 1:15 AM

Post #7 of 10 (319 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

FYI - http://www.emergingthreats.net

This was discussed on the snort-sigs mailing list back in 2003. Check out
http://marc.info/?l=snort-sigs&m=106601612825950&w=2

Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
contains some PCRE CC# checks. This will show you some:

$ more emerging-policy.rules | grep Number

Randy

On Thu, May 8, 2008 11:02 pm, Simon Smith wrote:
> You sure you got that URL right?
>
> Ray P wrote:
>> The free rule sets from http://www.emergingthreats.com have this
>> capability. Look in the Policy section.
>>
>> RAy
>>
>> ------------------------------------------------------------------------
>> From: wilder_jeff[at]msn.com
>> To: full-disclosure[at]lists.grok.org.uk
>> Date: Thu, 8 May 2008 12:44:15 -0600
>> Subject: [Full-disclosure] Snort Signature to detect credit cards
>>
>>
>> Does anyone have a snort signature to detect credit cards or social
>> security numbers?
>>
>> Thank you in advance,
>>
>> Jeff
>>
>>
>> ------------------------------------------------------------------------
>> Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
>> <http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
>
> - simon
>
> ----------------------
> http://www.snosoft.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

siim at p6drad-teel

May 9, 2008, 1:38 AM

Post #8 of 10 (319 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

Randal T. Rioux wrote:
> FYI - http://www.emergingthreats.net
>
> This was discussed on the snort-sigs mailing list back in 2003. Check out
> http://marc.info/?l=snort-sigs&m=106601612825950&w=2
>
> Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
> contains some PCRE CC# checks. This will show you some:

I wrote a dynamic plugin for detecting CC numbers (requires snort 2.6+):

http://p6drad-teel.net/~windo/release/creditcard.tar.gz

It checks prefixes (visa/amex/etc), number length and the luhn code (the
last digit) + allows arbitrary grouping by dashes and/or spaces.

Siim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

tbiehn at gmail

May 9, 2008, 2:38 AM

Post #9 of 10 (318 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

Time to start encoding them using JS now, solutions solutions solutions.

On Fri, May 9, 2008 at 4:15 AM, Randal T. Rioux <randy[at]procyonlabs.com> wrote:
> FYI - http://www.emergingthreats.net
>
> This was discussed on the snort-sigs mailing list back in 2003. Check out
> http://marc.info/?l=snort-sigs&m=106601612825950&w=2
>
> Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
> contains some PCRE CC# checks. This will show you some:
>
> $ more emerging-policy.rules | grep Number
>
>
> Randy
>
>
> On Thu, May 8, 2008 11:02 pm, Simon Smith wrote:
>> You sure you got that URL right?
>>
>> Ray P wrote:
>>> The free rule sets from http://www.emergingthreats.com have this
>>> capability. Look in the Policy section.
>>>
>>> RAy
>>>
>>> ------------------------------------------------------------------------
>>> From: wilder_jeff[at]msn.com
>>> To: full-disclosure[at]lists.grok.org.uk
>>> Date: Thu, 8 May 2008 12:44:15 -0600
>>> Subject: [Full-disclosure] Snort Signature to detect credit cards
>>>
>>>
>>> Does anyone have a snort signature to detect credit cards or social
>>> security numbers?
>>>
>>> Thank you in advance,
>>>
>>> Jeff
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
>>> <http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> --
>>
>> - simon
>>
>> ----------------------
>> http://www.snosoft.com
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

ureleet at gmail

May 12, 2008, 7:47 AM

Post #10 of 10 (264 views)
Permalink

Re: Snort Signature to detect credit cards [In reply to]

perhaps he needs to secure his network against personal identification
leakage. a better place to ask this question would be the snort-sigs
list, i post stuff there from time to time as well.

On Fri, May 9, 2008 at 3:59 AM, poo <skodliv[at]gmail.com> wrote:
> exactly what do you want to achieve with this signature?
> need money for porn?
>
>
>
> On Fri, May 9, 2008 at 5:02 AM, Simon Smith <simon[at]snosoft.com> wrote:
>
> > You sure you got that URL right?
> >
> >
> >
> >
> > Ray P wrote:
> > > The free rule sets from http://www.emergingthreats.com have this
> > > capability. Look in the Policy section.
> > >
> > > RAy
> > >
> > >
> ------------------------------------------------------------------------
> > > From: wilder_jeff[at]msn.com
> > > To: full-disclosure[at]lists.grok.org.uk
> > > Date: Thu, 8 May 2008 12:44:15 -0600
> > > Subject: [Full-disclosure] Snort Signature to detect credit cards
> > >
> > >
> > > Does anyone have a snort signature to detect credit cards or social
> > > security numbers?
> > >
> > > Thank you in advance,
> > >
> > > Jeff
> > >
> > >
> > > ------------------------------------------------------------------------
> > > Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
> > > <http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008>
> > >
> > >
> > > ------------------------------------------------------------------------
> >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> > --
> >
> > - simon
> >
> > ----------------------
> > http://www.snosoft.com
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> smile tomorrow will be worse
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com