To answer your question: yes, you could write a rule using a regular expression. However, I would suspect it would result in a high false positive rate due to the formatting (hyphens, space, etc). Also, a string of numbers does not make a credit card.
So to do it right, you would have to write a plugin that takes the numbers and determines if they are a credit card or not. The luhn algorithm is very simple. On 26 Sep 2007 19:35:42 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Would it be possible to write a Snort rule that triggers on possible > creditcard numbers and how would it look like? > > PCI standars says that all creditcard data should be encrypted, It woild be > nice to verify that no card data shows up where it shouldn't... > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > to learn more. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
