Wednesday, January 9, 2008

How do you detect a credit card number being transferred from your backend machines to the web through your web server? Or, in case you want to catch it in your IDS, if somebody is stealing your confidential data via an SQL injection attack or just a plain vanilla hack, and you don't use a Guardium box (damn, it's an awesome tool for database auditing, but bloody hell, it hangs and reboots when you send a BIG ping packet.. is that security.. lol)?

Well, here's the trick: use this regex pattern.

\d{4}[\- ]?\d{4}[\- ]?\d{2}[\- ]?\d{2}[\- ]?\d{1,4}

You can use it with Snort IDS or your commercial IDS if it supports regex patterns (most do), or else, if you have a reverse proxy, you can implement ModSecurity in Apache and match this pattern, and I am sure this will get you what you need.

There are a few things you might want to do, like send an alert when a match is found, or send an alert if more than 3 credit card numbers are accessed and the IP address is the same.. And yeah, you got it buddy.. Nail the intruder..

-- Anish
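Editor's added example (not the author's code, and not something the post ships): a small Python detector that applies the pattern above to a few constructed log lines and implements the two alerting rules the post suggests (alert on any match, alert when more than 3 card numbers go to the same client IP). The bare pattern matches any 13-to-16 digit run, including order ids and timestamps, so the example also runs a Luhn mod-10 check on each hit; that check is a standard practitioner addition, not part of the original post. The log line format (`<client-ip> <text>`) and the card numbers in the sample are constructed for the example; the card numbers are the usual publicly documented test numbers, not real accounts.

```python
import re
from collections import defaultdict

# The post's pattern, unchanged: 4-4-2-2-(1..4) digit groups, each optionally
# separated by a hyphen or a space, i.e. 13 to 16 digits in total.
CARD_RE = re.compile(r"\d{4}[\- ]?\d{4}[\- ]?\d{2}[\- ]?\d{2}[\- ]?\d{1,4}")

# The post's second rule: alert once a single IP has pulled more than 3 numbers.
ALERT_THRESHOLD = 3


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check (added here; not in the post) to drop digit runs
    that match the regex but cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str, require_luhn: bool = True):
    """Return card-like numbers found in text, digits only.
    With require_luhn=False this is exactly what the raw regex would flag."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[\- ]", "", m.group(0))
        if require_luhn and not luhn_ok(digits):
            continue
        found.append(digits)
    return found


def scan_log(lines, threshold: int = ALERT_THRESHOLD):
    """Tally Luhn-valid card numbers per client IP over constructed log lines
    of the form '<client-ip> <text>'.  Returns (per_ip, alerting_ips) where
    alerting_ips are those with more than `threshold` numbers."""
    per_ip = defaultdict(list)
    for line in lines:
        ip, _, body = line.partition(" ")
        for num in find_card_numbers(body):   # rule 1: every match is an event
            per_ip[ip].append(num)
    alerting = sorted(ip for ip, nums in per_ip.items() if len(nums) > threshold)
    return dict(per_ip), alerting


# Constructed sample: one client pulling four numbers, another with one real
# number and one 16-digit order id that the regex alone would mis-flag.
SAMPLE_LOG = [
    "10.0.0.5 card=4111-1111-1111-1111 status=ok",
    "10.0.0.5 card=5555 5555 5555 4444 status=ok",
    "10.0.0.5 card=378282246310005 status=ok",
    "10.0.0.5 card=4012888888881881 status=ok",
    "10.0.0.9 order_id=1234567812345678 status=ok",   # matches regex, fails Luhn
    "10.0.0.9 card=6011111111111117 status=ok",
]


if __name__ == "__main__":
    per_ip, alerting = scan_log(SAMPLE_LOG)
    for ip, nums in per_ip.items():
        print(f"{ip}: {len(nums)} card number(s) {nums}")
    print("alert (more than", ALERT_THRESHOLD, "numbers to one IP):", alerting)
```

The same pattern drops straight into a Snort rule's `pcre:` option or a ModSecurity `SecRule` with the `@rx` operator; this script is only for checking offline, on captured log excerpts, what the pattern will and will not flag before you turn it into an alert. Note that the raw regex also flags the order id on the 10.0.0.9 line; only the Luhn step keeps that IP out of the per-IP count.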


