- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- PCI - Credit Card Numbers does not block traffic
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PCI - Credit Card Numbers does not block traffic
Hi,
When running a test to block credit card numbers leaving the LAN towards the internet using Content Awareness no hits on the credit rule (with inline layer) is being matched
The below general HTTP/HTTPS rule is being matched instead.
Any idea why entering credit cards on shopping sites in combination with this default "Pattern (RegEx) Data" called "PCI - Credit Card Numbers" is not working?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to make sure I understand, are you saying rule 8.2 is supposed to be matched, but instead its hitting 8.1?
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Andy, rule 8 is supposed to be matched and consequently the inline rule of either 8.1, 8.2 or a drop if not matched.
But now it skips rule 8 and does hit on rule 9 which is a general HTTPS rule.
I use my own real Mastercard
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For testing are you using a "real" credit card number that conforms to the Luhn algorithm? Valid credit card numbers are not just 15 or 16 random numbers. Try this one which conforms in your testing: 4242 4242 4242 4242. This is an easy one to remember because it is the answer to life, the universe and everything.
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Never heard of that before, but good to know thats number used for testing : - )
Below is what I got from Google ages ago lol
4111 1111 1111 1111 for Visa, 5431 1111 1111 1111 for MasterCard, 3711 1111 1111 114 for Amex, and 3600 0000 0000 08 for Diners
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do any of you in your own LAB have a nice outbound hit on a CC with the content column as "PCI - Credit Card Numbers" ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did when I had content awareness blade enabled. By the way, credit card numbers layer (rule 8), shows you are missing clean up rule, but should ne a big deal in this context, since that simply means you dont have any any drop rule at the bottom, but as it shows there, unmatched traffic would be dropped anyway. Just curious, how many hits do you see on rules 8.1 and 8.2?
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I use my own real Mastercard but will try the answer to life as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also, something to consider.
Andy
https://community.checkpoint.com/t5/Management/Content-Awareness-things-that-do-not-work/m-p/139442
![](/skins/images/7A1782F19EEDD3757E1DDB3CF96B7DC3/responsive_peak/images/icon_anonymous_message.png)