[Snort-sigs] how to detect CC attack
yanzhenyu at ...3670...
Wed May 2 04:07:34 EDT 2012
Thank you for your reply.
Permaps I should count the total connection.
1) the total number of all connections
2) the top 10 ip address and their connection number
but how can accomplish this goal?
发件人： Jamie Riden
发送时间： 2012-05-02 14:37:08
主题： Re: [Snort-sigs] how to detect CC attack
2012/5/2 闫振宇 <yanzhenyu at ...3670...>
I want to detect CC attack with snort. Has anyone got any idea ?
What is a "CC attack" ?
If you mean credit card numbers, I've found the rule that matches 16 digits in a row tends to give false positives. It usually gets disabled, like the SSN# one.
If you mean, stealing credit card numbers, you'd need to look at which server they live on, and likely paths for an attacker to export them out of your organisation if they did manage to compromise the box.
Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs