Blocking Teamviewer

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Blocking Teamviewer

Siju George
Hi,

How Do you block this trojan ;-)

http://www.teamviewer.com/solutions/remoteaccess.aspx

Thanks

--Siju

Reply | Threaded
Open this post in threaded view
|

Re: Blocking Teamviewer

Steven Shockley
On 3/19/2010 12:30 PM, Siju George wrote:
> How Do you block this trojan ;-)

> http://www.teamviewer.com/solutions/remoteaccess.aspx

Presumably you're trying to block it with an OpenBSD firewall.  Analyze
the protocol, you can probably stop it with a transparent proxy that
disallows CONNECT requests.

Or, http://lmgtfy.com/?q=teamviewer+block&l=1

Reply | Threaded
Open this post in threaded view
|

Re: Blocking Teamviewer

Siju George
On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley <[hidden email]>
> Presumably you're trying to block it with an OpenBSD firewall.
>

Yes :-)

>Analyze the
> protocol, you can probably stop it with a transparent proxy that disallows
> CONNECT requests.
>

Could you please explain?

> Or, http://lmgtfy.com/?q=teamviewer+block&l=1
>

The first thing I did :-)

thanks

--Siju

Reply | Threaded
Open this post in threaded view
|

Re: Blocking Teamviewer

sonjaya-2
i try update this threads....

in my network using squid proxy for all internet access
after capture the access.log
teamviewer have several server

main server teamviewer
1. http://ping3.dyngate.com
2. masterxx.teamviewer.com
 where xxx = 1 until 17
 so become master1.teamviewer.com until master17.teamviewer.com

so i made block dst domain in squid.conf .
and teamviewer client can't working.
i try scan port was using for teamviewer server
# nmap ping3.dyngate.com

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69.
Interesting ports on server340.teamviewer.com (85.25.143.69):
Not shown: 997 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
843/tcp  open  unknown
3389/tcp open  ms-term-serv

Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds

# nmap master1.teamviewer.com

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
Interesting ports on master.dyngate.com (87.230.73.23):
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
843/tcp open  unknown

ini hasil scan client teamviewer
# nmap 124.217.230.1xx

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT
Interesting ports on server404.teamviewer.com (124.217.230.174):
Not shown: 997 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
843/tcp  open  unknown
3389/tcp open  ms-term-serv



Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds

so add in pf for blockerd port 843 & 3389

just that and teamviewer client can't working....
i hope this will be blocked teamviewer.

On Sat, Mar 20, 2010 at 1:22 AM, Siju George <[hidden email]> wrote:

> On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley <[hidden email]>
>> Presumably you're trying to block it with an OpenBSD firewall.
>>
>
> Yes :-)
>
>>Analyze the
>> protocol, you can probably stop it with a transparent proxy that disallows
>> CONNECT requests.
>>
>
> Could you please explain?
>
>> Or, http://lmgtfy.com/?q=teamviewer+block&l=1
>>
>
> The first thing I did :-)
>
> thanks
>
> --Siju
>
>



--
sonjaya
http://www.sharenupload.com

Reply | Threaded
Open this post in threaded view
|

Re: Blocking Teamviewer

matteo filippetto
2010/3/26 sonjaya <[hidden email]>

> i try update this threads....
>
> in my network using squid proxy for all internet access
> after capture the access.log
> teamviewer have several server
>
> main server teamviewer
> 1. http://ping3.dyngate.com
> 2. masterxx.teamviewer.com
>  where xxx = 1 until 17
>  so become master1.teamviewer.com until master17.teamviewer.com
>
> so i made block dst domain in squid.conf .
> and teamviewer client can't working.
> i try scan port was using for teamviewer server
> # nmap ping3.dyngate.com
>
> Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
> Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69.
> Interesting ports on server340.teamviewer.com (85.25.143.69):
> Not shown: 997 filtered ports
> PORT     STATE SERVICE
> 80/tcp   open  http
> 843/tcp  open  unknown
> 3389/tcp open  ms-term-serv
>
> Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds
>
> # nmap master1.teamviewer.com
>
> Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
> Interesting ports on master.dyngate.com (87.230.73.23):
> Not shown: 998 filtered ports
> PORT    STATE SERVICE
> 80/tcp  open  http
> 843/tcp open  unknown
>
> ini hasil scan client teamviewer
> # nmap 124.217.230.1xx
>
> Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT
> Interesting ports on server404.teamviewer.com (124.217.230.174):
> Not shown: 997 filtered ports
> PORT     STATE SERVICE
> 80/tcp   open  http
> 843/tcp  open  unknown
> 3389/tcp open  ms-term-serv
>
>
>
> Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds
>
> so add in pf for blockerd port 843 & 3389
>
> just that and teamviewer client can't working....
> i hope this will be blocked teamviewer.
>
> On Sat, Mar 20, 2010 at 1:22 AM, Siju George <[hidden email]> wrote:
> > On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley <
> [hidden email]>
> >> Presumably you're trying to block it with an OpenBSD firewall.
> >>
> >
> > Yes :-)
> >
> >>Analyze the
> >> protocol, you can probably stop it with a transparent proxy that
> disallows
> >> CONNECT requests.
> >>
> >
> > Could you please explain?
> >
> >> Or, http://lmgtfy.com/?q=teamviewer+block&l=1
> >>
> >
> > The first thing I did :-)
> >
> > thanks
> >
> > --Siju
> >
> >
>
>
>
> --
> sonjaya
> http://www.sharenupload.com
>
>

Hi,

my teamviewer works correctly with
host serverXXX.teamviewer.com and port 5938

You should block also that port.

Best regards

--
Matteo Filippetto

Reply | Threaded
Open this post in threaded view
|

Re: Blocking Teamviewer

Siju George
On Fri, Mar 26, 2010 at 10:33 PM, matteo filippetto
<[hidden email]> wrote:
> 2010/3/26 sonjaya <[hidden email]>
>

my teamviewer works correctly with
host serverXXX.teamviewer.com and port 5938

You should block also that port.

Thanks Sonjaya and Matteo let me try them :-)

--Siju