Geeks With Blogs
Robert's Sysadmin Blog Unraveling the datacenter one fibre at a time

Came across this via


This page presents an example of The Homograph Attack described by Evgeniy Gabrilovich and Alex Gontmakher. (See "The Homograph Attack", Communications of the ACM, 45(2):128, February 2002. Click here for the full-length paper in PDF, or here for the HTML archive of the CACM Inside Risks column at SRI).

To prove the feasibility of this kind of attack, we legally registered (at a homographic variant of the domain name "" which incorporates Russian language characters.

Here is the forged name http://www.mi?r?s? and here is the real thing
Can you tell the difference ?

Here is another example and the accompanying IDN advisory.

The most logical application of this would be in fishing attempts I suppose, and of course any web-code attack.

Posted on Thursday, February 10, 2005 6:23 PM | Back to top

Comments on this post: Domain name Homograph attack

# re: Domain name Homograph attack
Requesting Gravatar...
Robert, I'm not getting any name resolution for Can you help out? I would love to read this paper.
Left by Dave on Feb 10, 2005 5:45 PM

# re: Domain name Homograph attack
Requesting Gravatar...
That would be Phishing..
unless youre actual going for Bass ;-)
Left by Reaper on Feb 11, 2005 11:50 AM

# re: Domain name Homograph attack
Requesting Gravatar...
its good
Left by yenbads on Jun 02, 2006 10:23 AM

Your comment:
 (will show your gravatar)

Copyright © Robert Kloosterhuis | Powered by: