Package: wnpp
Severity: wishlist
Owner: Joachim Bauernberger <joachim.bauernber...@protonmail.ch>

* Package name    : nfq
  Version         : 1.0.6
  Upstream Author : Name <joachim.bauernber...@protonmail.com>
* URL             : https://gitlab.com/jbauernberger/nfq/
* License         : GPLv3
  Programming Lang: C
  Description     : NFQUEUE-based IDN/Punycode DNS filter to mitigate homograph phishing attacks

NFQ is a DNS packet filter built on libnetfilter_queue, the userspace library for the Linux kernel's NFQUEUE netfilter target. It identifies Punycode (IDN) domain names by matching the string "xn--" in DNS questions or answers and blocks them. This stops homograph phishing attacks that rely on IDN lookalike domains; note that ASCII-only lookalikes (e.g. "rn" standing in for "m") contain no "xn--" label and are out of scope for this check.

NFQ can run directly on a Linux workstation, in front of your DNS cache, and/or on a gateway.

NFQ is not a replacement for /etc/hosts: NFQ is not for blacklisting, which would be a poor security guarantee against homograph attacks. Instead NFQ blocks all Punycode domains by default and uses an (optional) whitelist to explicitly allow selected IDN domains which you know are safe.

NFQ is for environments with strict anti-phishing policies. We assume:

• you are using some kind of DNS cache (e.g. djbdns, dnsmasq, unbound, etc.) which then forwards any queries to an upstream DNS server (e.g. 8.8.8.8 or 1.1.1.1, etc.), and ...

• you have configured your browser to use your DNS cache instead of resolving directly via an upstream resolver over DoH. nfq hooks the kernel packet queue, so DoH queries sent directly by the browser are TLS traffic that never passes the plaintext DNS rule and cannot be inspected. Your forwarder (dnsmasq, unbound, etc.) can still use DoH for its outgoing upstream queries; nfq doesn't prevent you from using DoH there.

• you will be adding the iptables rules manually so that nfq can intercept packets; this is outside the scope of the nfq installer. See the README and examples for how to do this.
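As an added illustration of the default-deny check described above (example code, not nfq's own), the Python below parses a DNS message, walks every name in the question and answer sections (following compression pointers, and CNAME/NS/PTR targets in RDATA), flags any label beginning with "xn--", and returns a verdict unless the full name is on a whitelist. The constructed packets, the exact-match whitelist semantics, and the ACCEPT/DROP strings (standing in for the NF_ACCEPT/NF_DROP verdicts an NFQUEUE handler hands back) are assumptions of this example, not nfq's behaviour.

```python
"""Model of an IDN/Punycode DNS filter: parse a DNS message, collect the
names in its question and answer sections, and DROP the packet if any
label is Punycode ("xn--") unless that name is explicitly whitelisted.
Added example, not nfq's code; packets and whitelist policy are constructed."""
import struct

ACCEPT, DROP = "ACCEPT", "DROP"   # stand-ins for NF_ACCEPT / NF_DROP


def _read_name(msg: bytes, off: int, depth: int = 0):
    """Decode a DNS name at msg[off:], following compression pointers.
    Returns (dotted name, offset just past the name in the caller's stream)."""
    labels, end = [], None
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if depth > 16:
                raise ValueError("pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = off + 2
            target, _ = _read_name(msg, ptr, depth + 1)
            if target:
                labels.append(target)
            break
        off += 1
        if ln == 0:                                 # root label ends the name
            break
        if off + ln > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + ln].decode("ascii", "replace"))
        off += ln
    return ".".join(labels), (end if end is not None else off)


def dns_names(msg: bytes):
    """Yield each owner name, plus CNAME/NS/PTR targets, in question + answer."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        name, off = _read_name(msg, off)
        off += 4                                    # QTYPE + QCLASS
        yield name
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        yield name
        if rtype in (2, 5, 12):                     # NS, CNAME, PTR carry a name
            target, _ = _read_name(msg, off)
            yield target
        off += rdlen


def is_punycode(name: str) -> bool:
    """True if any label of the name is an A-label (RFC 3492 "xn--" prefix)."""
    return any(label.lower().startswith("xn--") for label in name.split("."))


def verdict(msg: bytes, whitelist=frozenset()) -> str:
    """Default-deny for IDN: DROP unless every Punycode name is whitelisted.
    Whitelist entries are exact names, compared case-insensitively (assumption)."""
    allowed = {w.lower().rstrip(".") for w in whitelist}
    for name in dns_names(msg):
        n = name.lower().rstrip(".")
        if is_punycode(n) and n not in allowed:
            return DROP
    return ACCEPT


# --- constructed test packets -------------------------------------------
def _encode_name(name: str) -> bytes:
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Standard recursive query: ID 0x1234, RD set, one question."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return hdr + _encode_name(name) + struct.pack("!HH", qtype, 1)


def build_cname_response(qname: str, cname: str) -> bytes:
    """Response whose answer RR uses a pointer (0xC00C) for its owner name
    and carries the CNAME target in RDATA, so the answer side is exercised."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = _encode_name(cname)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 5, 1, 300, len(rdata)) + rdata
    return hdr + question + rr


def to_unicode(name: str) -> str:
    """What the user would see rendered (Python's idna codec), for logging."""
    return name.encode("ascii").decode("idna")


if __name__ == "__main__":
    for pkt in (build_query("www.example.com"),
                build_query("xn--pple-43d.com"),
                build_cname_response("login.example.com", "cdn.xn--pple-43d.com")):
        names = list(dns_names(pkt))
        print(verdict(pkt), names, [to_unicode(n) for n in names])
```

The CNAME case matters in practice: a query for a clean name can be answered with a Punycode target, which a question-only check would miss. Matching on whole labels rather than a raw "xn--" substring also avoids false positives on names that merely contain those bytes mid-label.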