Blocking access to Unicode domain name phishing sites

According to The Hacker News story at http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html, a lot of browsers are vulnerable to a phishing attack that uses Unicode domain names.

As Squid mimics the subject name and alternative names of certificates when HTTPS filtering is enabled, the Unicode domain name of a phishing site is mimicked too. To block access to such sites, it is recommended to add the following URL regex blocking rule to Admin UI / Web Safety / Filtering Rules / Block by UR.

https?:\/\/.*\.xn--.*

This is a temporary measure until browsers are fixed. It may result in over-blocking, especially in countries that use Unicode-encoded domain names (China?).
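
To check what the pattern above catches before deploying it, the following added example (not part of the original post or of the product) runs it over constructed URLs and compares the result with a host-only label check. The helper names, the sample URLs, and the assumption that the filter applies the regex as an unanchored search over the full URL are illustrative.

```python
import re
from urllib.parse import urlsplit

# The pattern from this post, unchanged.
PAGE_PATTERN = re.compile(r"https?:\/\/.*\.xn--.*")


def page_rule_blocks(url: str) -> bool:
    # Assumption: the filter runs the regex as an unanchored search on the full URL.
    return PAGE_PATTERN.search(url) is not None


def host_has_punycode_label(url: str) -> bool:
    # Hypothetical stricter check: inspect only the host, one DNS label at a time.
    # urlsplit() lowercases the hostname and drops userinfo, port and path.
    host = urlsplit(url).hostname or ""
    return any(label.startswith("xn--") for label in host.split("."))


# Constructed sample URLs on the reserved .example TLD (not real sites).
SAMPLES = [
    "https://www.xn--bcher-kva.example/",           # Punycode label behind a subdomain
    "https://xn--bcher-kva.example/login",          # Punycode label is the first label
    "https://shop.example/files/report.xn--draft",  # ".xn--" appears only in the path
    "https://shop.example/",                        # plain ASCII host
]


def compare(urls):
    # Returns (url, blocked_by_page_regex, host_contains_punycode_label) per URL.
    return [(u, page_rule_blocks(u), host_has_punycode_label(u)) for u in urls]


if __name__ == "__main__":
    for url, by_regex, by_host in compare(SAMPLES):
        if by_host and not by_regex:
            note = "Punycode host not matched by the regex"
        elif by_regex and not by_host:
            note = "blocked although the host is plain ASCII"
        else:
            note = "regex and host check agree"
        print(f"{url:50} regex={by_regex!s:5} host={by_host!s:5} {note}")
```

The second sample shows a Punycode name with no subdomain in front of it passing the pattern, and the third shows a URL being blocked only because its path contains ".xn--". Both checks flag every Punycode host, so the over-blocking of legitimate internationalized domains noted above applies to either.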

About sichent

This entry was posted in Linux.
