This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arend
Contributor
‎2023-08-18 06:12 AM

PCI - Credit Card Numbers does not block traffic

Hi,

When running a test to block credit card numbers leaving the LAN towards the internet using Content Awareness no hits on the credit rule (with inline layer) is being matched

The below general HTTP/HTTPS rule is being matched instead.

Any idea why entering credit cards on shopping sites in combination with this default "Pattern (RegEx) Data" called "PCI - Credit Card Numbers" is not working?

 

Preview file
26 KB
0 Kudos
8 Replies
the_rock
Legend
Legend
‎2023-08-18 06:23 AM

Just to make sure I understand, are you saying rule 8.2 is supposed to be matched, but instead its hitting 8.1?

Andy

0 Kudos
Arend
Contributor
‎2023-08-21 04:28 AM
In response to the_rock

Hi Andy, rule 8 is supposed to be matched and consequently the inline rule of either 8.1, 8.2 or a drop if not matched.

But now it skips rule 8 and does hit on rule 9 which is a general HTTPS rule.

I use my own real Mastercard

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2023-08-18 06:43 AM

For testing are you using a "real" credit card number that conforms to the Luhn algorithm?  Valid credit card numbers are not just 15 or 16 random numbers.  Try this one which conforms in your testing: 4242 4242 4242 4242.  This is an easy one to remember because it is the answer to life, the universe and everything.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
the_rock
Legend
Legend
‎2023-08-18 06:53 AM
In response to Timothy_Hall

Never heard of that before, but good to know thats number used for testing : - )

Below is what I got from Google ages ago lol

4111 1111 1111 1111 for Visa, 5431 1111 1111 1111 for MasterCard, 3711 1111 1111 114 for Amex, and 3600 0000 0000 08 for Diners

0 Kudos
Arend
Contributor
‎2023-08-21 04:33 AM
In response to the_rock

Do any of you in your own LAB have a nice outbound hit on a CC with the content column as "PCI - Credit Card Numbers" ?

0 Kudos
the_rock
Legend
Legend
‎2023-08-21 04:59 AM
In response to Arend

I did when I had content awareness blade enabled. By the way, credit card numbers layer (rule 8), shows you are missing clean up rule, but should ne a big deal in this context, since that simply means you dont have any any drop rule at the bottom, but as it shows there, unmatched traffic would be dropped anyway. Just curious, how many hits do you see on rules 8.1 and 8.2?

Andy

0 Kudos
Arend
Contributor
‎2023-08-21 04:29 AM
In response to Timothy_Hall

I use my own real Mastercard but will try the answer to life as well.

0 Kudos
the_rock
Legend
Legend
‎2023-08-21 05:03 AM
In response to Arend

Also, something to consider.

Andy

https://community.checkpoint.com/t5/Management/Content-Awareness-things-that-do-not-work/m-p/139442

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events