Blocking access to Unicode domain name phishing sites

According to The Hacker News story at http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html, a lot of browsers are vulnerable to the phishing attack in Unicode domain names.

As Squid mimics the subject name and alternative names of certificates when HTTPS filtering is enabled, the Unicode domain name of a phishing site is mimicked too. To block access to such sites, it is recommended to add the following URL regex block to Admin UI / Web Safety / Filtering Rules / Block by UR.

https?:\/\/.*\.xn--.*

This is a temporary measure until browsers are fixed. It may result in over-blocking, especially in countries that use Unicode-encoded domain names (China?).
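To see what the rule above does and does not catch before deploying it, the following added example (not part of the original post) runs it over a few constructed URLs. Python's re module stands in for the proxy's regex engine, and HOST_RULE, punycode_host, evaluate and the sample URLs are assumptions made for illustration.

```python
import re

# The rule from this page, as written.
PAGE_RULE = re.compile(r"https?:\/\/.*\.xn--.*")

# Assumed tighter variant (not from the page): anchored to the host part, so
# any host label starting with "xn--" matches and the path/query is ignored.
HOST_RULE = re.compile(r"^https?://([^/?#@]*@)?([^/?#:.]+\.)*xn--", re.IGNORECASE)


def punycode_host(name):
    """Encode a Unicode host name, label by label, into its xn-- (ACE) form."""
    labels = []
    for label in name.split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def evaluate(urls):
    """Return {url: (blocked_by_page_rule, blocked_by_host_rule)}."""
    return {u: (bool(PAGE_RULE.search(u)), bool(HOST_RULE.search(u))) for u in urls}


# Constructed sample URLs. "пример" is Russian for "example": a legitimate
# IDN, which both rules block (the over-blocking the post warns about).
IDN = punycode_host("пример.example")
SAMPLES = [
    f"https://www.{IDN}/login",     # punycode label preceded by a dot
    f"https://{IDN}/login",         # punycode label is the first host label
    "https://example.com/a.xn--b",  # ASCII host, ".xn--" only in the path
    "https://example.com/",         # plain ASCII site
]

if __name__ == "__main__":
    for url, (page, host) in evaluate(SAMPLES).items():
        print(f"page_rule={page!s:5} host_rule={host!s:5} {url}")
```

The second sample shows that the page's rule needs a dot in front of xn--, so a host whose first label is Punycode passes through; the third shows it can also match on a path rather than the host.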

sichent