[Snort-sigs] Signature for credit card numbers

Eric Kuhnke eric at ...1960...
Fri Oct 10 18:05:01 EDT 2003


However, this might be a constructive use of time for an ISP seeking to protect its customers...  Notice the rash of fake-ebay, fake-bank, fake-credit-card spams with "We require you to verify your information, please input your social security number, CC#, address etc"

A lot of these use masking of URLs in spam (thanks, MS Outlook!) and link to offshore web servers with near-perfect replicas of the Ebay or bank user interface.  Many of these use unsecured html forms to submit the information.

On the same note, a snort-sig to detect social security numbers might also be useful, as they always come in this format: xxx-xx-xxxx (where the first three digits are a prefix representing the state the card was issued in. 


At 02:52 PM 10/9/2003 -0700, you wrote:
>Yeah, because Snortin for credit card numbers on a network is a
>constructive use of your time.
>(and highly illegal)
>:)
>
>Adam Towarnyckyj
>Network Operations
>CommSpeed
>http://www.commspeed.net/
>Phone: 928-772-1111 x131
>
>
>-----Original Message-----
>From: Sean Perry [mailto:sean.perry at ...1958...] 
>Sent: Thursday, October 09, 2003 2:48 PM
>To: snort-sigs at lists.sourceforge.net
>Subject: Re: [Snort-sigs] Signature for credit card numbers
>
>Cove Schneider wrote:
>
>> Hello,
>> 
>> Has anyone attempted to make any signatures to try and catch credit
>card 
>> numbers? e.g. someone sending a CC number in an email, via FTP, P2P 
>> etc... Sending them insecurely, or even malicious intent... I'm 
>> interested in verifying that this isn't going on, of course.
>> 
>> Anyone have any thoughts on this?
>> 
>
>Well, let's see.
>
>A credit card number is 16 digits long (at least here in the US, maybe 
>not elsewhere).  The first number is 3 (amex),4 (visa),5 (master) or 6 
>(discover).
>
>So you need something that matches (in perl style regex): '[3456]\d{15}'
>
>or '[3456]\d{3}(?:-\d{4}){3}'.  This covers the dashed notation as well 
>as the all scrunched style.  If they do '3456 5678 ...' it won't catch 
>them.  The second regex could be replicated for this though.
>
>That is a good start.  You could get fancy is you knew the algorithm 
>used to make the card numbers.  Also, American Express may not be 16 
>digits, I forget.  I know the other 3 always are.
>
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: SF.net Giveback Program.
>SourceForge.net hosts over 70,000 Open Source Projects.
>See the people who have HELPED US provide better services:
>Click here: http://sourceforge.net/supporters.php
>_______________________________________________
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: SF.net Giveback Program.
>SourceForge.net hosts over 70,000 Open Source Projects.
>See the people who have HELPED US provide better services:
>Click here: http://sourceforge.net/supporters.php
>_______________________________________________
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-sigs






More information about the Snort-sigs mailing list