| Description | This article describes how to block all IDN domains using a static filter to prevent homograph attacks. |
| Scope | FortiGate. |
| Solution |
An IDN (Internationalized Domain Name) is a domain name that contains characters outside the basic English alphabet; instead of being limited to ASCII, it allows users to register domains in the native languages of the users.
Attackers, however, can register look-alike domains to trick users into visiting a trusted website.
Examples: https://google.comノindex.biz/ (Sample website maintained by SANS).
In the Web-Filter profile, navigate to 'Static URL Filter', enable 'URL Filter', and select 'Create New'.
In the 'New URL Filter' section, select 'Regular Expression', in the URL field enter the expression '(^|\.)xn--[A-Za-z0-9-]+(\.|$)' as in the screenshot, and set the action to block.
|
