Snort mailing list archives
[SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha
From: Bill Parker <wp02855 () gmail com>
Date: Thu, 27 Mar 2014 13:20:41 -0700
Hi All,
This patch file modifies file 'sdf_credit_card.c' in directory
'/src/dynamic-preprocessors/sdf' and gives snort-2.9.7.0-alpha the
ability to alert on the following credit/debit cards issuers:
Diner's Club (Int'l, Carte Blanche, US and Canada)
Dankort Credit Card (Germany)
Laser Debit Card (Ireland and U.K./European Union)
Solo Credit Card (Ireland and U.K./European Union)
Discover Card (3 additional formats)
Japan Credit Bureau Card
Enroute Credit/Debit Card
Instapay Credit Card
All of these formats are 13 to 16 digits long, use the Luhn
Algorithm. The patch file is below:
diff -u sdf_credit_card.c.orig sdf_credit_card.c
--- sdf_credit_card.c.orig 2014-03-27 10:28:45.875430362 -0700
+++ sdf_credit_card.c 2014-03-27 12:18:31.602442400 -0700
@@ -33,12 +33,72 @@
/* Check the Issuer Identification Number of a CC#. */
static inline int CheckIssuers(char *cardnum, uint32_t buflen)
{
+ /* This code adds additional credit/debit card tracking capabilities
to */
+ /* snort-2.9.7.0-alpha by adding the following checks:
*/
+ /*
*/
+ /* Card Debit Credit Luhn Digits Format
*/
+ /* Name Card Card Algorithm Used 1st n
digits */
+ /*
*/
+ /* AMEX NO YES YES 15 34xx or
37xx */
+ /* VISA Electron YES NO YES 16 4026,
417500 */
+ /* 4844, 4508
*/
+ /* 4913, 4917
*/
+ /* VISA NO YES YES 16 4xxx
*/
+ /* Diner's Club
*/
+ /* International NO YES YES 14 36xx or
38xx */
+ /* Diner's Club
*/
+ /* Carte Blanche NO YES YES 14 350x to
355x */
+ /* Diner's Club
*/
+ /* US and Canada NO YES YES 16 54xx or
55xx */
+ /* Discover NO YES YES 16 6011,
*/
+ /* 6221-6229,
*/
+ /* 644x-649x,
65xx */
+ /* Japan Credit
*/
+ /* Bureau NO YES YES 15 1800 or
2131 */
+ /* Instapay NO YES YES 16 637x to
639x */
+ /* Mastercard NO YES YES 16 51xx to
55xx */
+ /* Enroute YES YES YES 15 2014 or
2049 */
+ /* Laser YES NO YES 16 6304, 6706
*/
+ /* 6771
*/
+ /* Solo NO YES YES 16 6334 or
6767 */
+ /* Dankort NO YES YES 16 5109
*/
+
+ /* There are some things which should be added to the credit card
*/
+ /* routines:
*/
+ /*
*/
+ /* The existing code in 2.9.7.0-alpha and previous versions only
handle */
+ /* major credit card companies, and a maximum of 16 digits for credit
card */
+ /* numbers. There are some credit and debit cards which have upwards
of */
+ /* 19 digits and use the Luhn algorithm, notably Laser and Solo (which
are */
+ /* used in the U.K. and Ireland, along with the European Union
*/
+
+ int val;
+
if (cardnum == NULL || buflen < ISSUER_SIZE)
return 0;
/* Visa */
+ if (cardnum[0] == '4' && cardnum[1] == '0' && cardnum[2] == '2' &&
cardnum[3] == '6')
+ return 1; /* valid, Visa Electron Debit Card, 1st four digits are
4026 */
+
+ if (cardnum[0] == '4' && cardnum[1] == '1' && cardnum[2] == '7' &&
+ cardnum[3] == '5' && cardnum[4] == '0' && cardnum[5] == '0')
+ return 1; /* valid, Visa Electron Debit Card, 1st six digits arr
417500 */
+
+ if (cardnum[0] == '4' && cardnum[1] == '8' && cardnum[2] == '4' &&
cardnum[3] == '4')
+ return 1; /* valid, Visa Electron Debit Card, 1st four digits are
4844 */
+
+ if (cardnum[0] == '4' && cardnum[1] == '5' && cardnum[2] == '0' &&
cardnum[3] == '8')
+ return 1; /* valid, Visa Electron Debit Card, 1st four digits are
4508 */
+
+ if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' &&
cardnum[3] == '3')
+ return 1; /* valid, Visa Electron Debit Card, 1st four digits are
4913 */
+
+ if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' &&
cardnum[3] == '7')
+ return 1; /* valid, Visa Electron Debit Card, 1st four digits are
4917 */
+
if (cardnum[0] == '4')
- return 1;
+ return 1; /* valid, Visa Credit Card, 1st digit is 4 */
/* Mastercard */
if ((cardnum[0] == '5') &&
@@ -51,9 +111,88 @@
(cardnum[1] == '4' || cardnum[1] == '7'))
return 1;
+ /* Diner's Club */
+ if (cardnum[0] == '3' && (cardnum[1] == '6' || cardnum[1] == '8'))
+ return 1; /* valid, Diner's Club International, 1st 2 digits 36
or 38 */
+
+ if (cardnum[0] == '3' && cardnum[1] == '0')
+ {
+ val = cardnum[2] - '0';
+ if (val >= 0 && val <= 5)
+ return 1; /* valid, Diner's Club Carte Blanche, 1st 2 digits
30, 3rd digit 0 to 5 */
+ }
+
+ if (cardnum[0] == '5' && (cardnum[1] == '4' || cardnum[1] == '5'))
+ return 1; /* valid, Diner's Club (US and Canada), 1st 2 digits 54
or 55 */
+
/* Discover */
if (cardnum[0] == '6' && cardnum[1] == '0' && cardnum[2] == '1' &&
cardnum[3] == '1')
- return 1;
+ return 1; /* valid, discover card, 1st 4 digits 6011 */
+
+ if (cardnum[0] == '6' && cardnum[1] == '2' && cardnum[2] == '2')
+ {
+ val = cardnum[3] - '0';
+ if (val >= 1 && val <= 9)
+ return 1; /* valid, discover card, 1st 3 digits 622, 4th
digit 1 to 9 */
+ }
+
+ if (cardnum[0] == '6' && cardnum[1] == '4')
+ {
+ val = cardnum[2] - '0';
+ if (val >= 4 && val <= 9)
+ return 1; /* valid, discover card, 1st 2 digits 64, 3rd digit
4 to 9 */
+ }
+
+ if (cardnum[0] == '6' && cardnum[1] == '5')
+ return 1; /* valid, discover card, 1st two digits are 65 */
+
+ if (cardnum[0] == '5' && cardnum[1] == '0' && cardnum[2] == '1' &&
cardnum[3] == '9')
+ return 1; /* valid, Dankort Card, 1st four digits are 5109 */
+
+ /* JCB - Japan Credit Bureau */
+ if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '3' &&
cardnum[3] == '1')
+ return 1; /* valid, 1st four digits are 2131 */
+
+ if (cardnum[0] == '1' && cardnum[1] == '8' && cardnum[2] == '0' &&
cardnum[3] == '0')
+ return 1; /* valid, 1st four digits are 1800 */
+
+ if (cardnum[0] == '3' && cardnum[1] == '5')
+ {
+ val = cardnum[2] - '0';
+ if (val >= 2 && val <= 8)
+ return 1; /* valid, 1st two digits are 35, 3rd digit is 2
thru 8 */
+ }
+
+ /* Enroute Credit/Debit Card */
+ if (cardnum[0] == '2' && cardnum[1] == '0' && cardnum[2] == '1' &&
cardnum[3] == '9')
+ return 1; /* valid, 1st four digits are 2019 */
+
+ if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '4' &&
cardnum[3] == '9')
+ return 1; /* valid, 1st four digits are 2149 */
+
+ /* Instapay Credit Card */
+ if (cardnum[0] == '6' && cardnum[1] == '3')
+ {
+ val = cardnum[2] - '0';
+ if (val >= 7 && val <= 9)
+ return 1; /* valid, 1st two digits are 63, 3rd digit is 7
thru 9 */
+ }
+
+ /* Laser Debit Card or Solo Card (Ireland) */
+ if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '0' &&
cardnum[3] == '4')
+ return 1; /* valid, Laser Debit Card, 1st four digits are 6304
*/
+
+ if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '0' &&
cardnum[3] == '6')
+ return 1; /* valid, Laser Debit Card, 1st four digits are 6706
*/
+
+ if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '7' &&
cardnum[3] == '1')
+ return 1; /* valid, Laser Debit Card, 1st four digits are 6771
*/
+
+ if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '3' &&
cardnum[3] == '4')
+ return 1; /* valid, Solo Credit Card, 1st four digits are 6334
*/
+
+ if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '6' &&
cardnum[3] == '7')
+ return 1; /* valid, Solo Credit Card, 1st four digits are 6767
*/
return 0;
}
This patch file compiles cleanly via 'make' in snort-2.9.7.0-alpha.
I am attaching the patch file to this email.
Bill Parker (wp02855 at gmail dot com)
Attachment:
sdf_credit_card.c.patch
Description:
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- [SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha Bill Parker (Mar 27)
- Re: [SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha Josh Rosenbaum (jrosenba) (Mar 28)