[Snort-sigs] Signature for credit card numbers

Adam Towarnyckyj adamt at ...1917...
Thu Oct 9 14:53:07 EDT 2003

Yeah, because Snortin for credit card numbers on a network is a
constructive use of your time.
(and highly illegal)

Adam Towarnyckyj
Network Operations
Phone: 928-772-1111 x131

-----Original Message-----
From: Sean Perry [mailto:sean.perry at ...1958...] 
Sent: Thursday, October 09, 2003 2:48 PM
To: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] Signature for credit card numbers

Cove Schneider wrote:

> Hello,
> Has anyone attempted to make any signatures to try and catch credit
> numbers? e.g. someone sending a CC number in an email, via FTP, P2P 
> etc... Sending them insecurely, or even malicious intent... I'm 
> interested in verifying that this isn't going on, of course.
> Anyone have any thoughts on this?

Well, let's see.

A credit card number is 16 digits long (at least here in the US, maybe 
not elsewhere).  The first number is 3 (amex),4 (visa),5 (master) or 6 

So you need something that matches (in perl style regex): '[3456]\d{15}'

or '[3456]\d{3}(?:-\d{4}){3}'.  This covers the dashed notation as well 
as the all scrunched style.  If they do '3456 5678 ...' it won't catch 
them.  The second regex could be replicated for this though.

That is a good start.  You could get fancy is you knew the algorithm 
used to make the card numbers.  Also, American Express may not be 16 
digits, I forget.  I know the other 3 always are.

This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net

More information about the Snort-sigs mailing list