[Snort-sigs] how to detect CC attack

Jamie Riden jamie.riden at ...2420...
Wed May 2 02:37:02 EDT 2012

2012/5/2 闫振宇 <yanzhenyu at ...3670...>

> **
> hello everyone,
> I want to detect CC attack with snort.  Has anyone got any idea ?
What is a "CC attack" ?

If you mean credit card numbers, I've found the rule that matches 16 digits
in a row tends to give false positives. It usually gets disabled, like the
SSN# one.

If you mean, stealing credit card numbers, you'd need to look at which
server they live on, and likely paths for an attacker to export them out of
your organisation if they did manage to compromise the box.

Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20120502/c93789e4/attachment.html>

More information about the Snort-sigs mailing list