Using Snort or ngrep to find credit card numbers
Posted by creining | Filed under Security
Ngrep is alright. For instance,
ngrep -w "(\d{4})[-\s]?(\d{4})[-\s]?(\d{4})[-\s]?(\d{4})\S*" tcp port 80
will attempt to look for a credit card number in traffic on port 80. This type of regex can be quite useful, especially for detecting sensitive data that may be travelling unencrypted. So how can this be implemented in a corporate environment like a bank? Probably the best way would be to use Snort with the PCRE patch, which implements Perl-compatible regular expressions, and custom rules looking for credit card numbers, social security numbers, credit reports, etc.