Netgate Discussion Forum

    Block incoming teamviewer

      namezero111111

      Dear folks!

      I need to block incoming teamviewer connections, but allow outgoing connections.
      I have read this: http://forum.pfsense.org/index.php/topic,22632.0.html, but it only discusses blocking everything.

      Essentially, I only want support people to be able to open a connection to other people's desktop, but disallow them creating TV sessions for someone else to log on to.

      Has anyone dealt with this scenario before?

        johnpoz LAYER 8 Global Moderator

        TV makes the outgoing connection to the TV servers, then the remote session comes back through this session.  Not sure if you can allow for outgoing and block incoming.

        I don't believe that is how TV works, there is no unsolicited inbound traffic that you could block. One of the main features of TV is the ability to control through a firewall without having to set up any rules. The service makes connections to the TV servers.

        http://www.teamviewer.com/hi/kb/9-Does-it-work-behind-firewalls-proxy-server-and-NAT-routers.aspx
        TeamViewer will allow you to share your desktop over any kind of internet-/LAN-connection and over almost any firewall.

        Sure you could block access to TV servers, they use ports 80 and 443, and an alternative of 5938, but then you would not be able to make outbound connections if you did that.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
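
An added example, not part of the post above and not Netgate code: since every TeamViewer session starts as a LAN-initiated connection, a defender can at least inventory which LAN hosts contact the dedicated port 5938 named in the post. The filterlog field positions, the LAN range and the sample log lines are assumptions constructed for illustration; clients that fall back to ports 80/443 will not show up in this check.

```python
import csv
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed pfSense filterlog CSV positions for IPv4 TCP/UDP entries;
# verify them against your own logs before relying on this.
F_ACTION, F_IPVER, F_PROTO = 6, 8, 16
F_SRC, F_DST, F_DPORT = 18, 19, 21

TV_PORT = 5938                      # dedicated port named in the post
LAN = ip_network("192.168.1.0/24")  # hypothetical LAN range

# Constructed sample log lines (documentation addresses, not real captures).
SAMPLE_LOG = """\
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4101,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,51514,5938,0,S,1,,64240,,mss
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4102,0,DF,6,tcp,60,192.168.1.22,203.0.113.5,50200,5938,0,S,1,,64240,,mss
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4103,0,DF,6,tcp,60,192.168.1.10,203.0.113.9,51520,5938,0,S,1,,64240,,mss
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4104,0,DF,6,tcp,60,192.168.1.30,198.51.100.7,40000,443,0,S,1,,64240,,mss
9,,,1000000104,igb0,match,block,in,4,0x0,,52,4105,0,DF,6,tcp,60,198.51.100.99,192.0.2.1,33000,5938,0,S,1,,1024,,mss
"""

def teamviewer_clients(log_text, lan=LAN, port=TV_PORT):
    """Map each LAN source IP to the remote IPs it was allowed to reach on `port`."""
    hits = defaultdict(set)
    for row in csv.reader(log_text.splitlines()):
        # Skip short rows and non-IPv4 entries (their field layout differs).
        if len(row) <= F_DPORT or row[F_IPVER] != "4":
            continue
        if row[F_PROTO] not in ("tcp", "udp") or row[F_ACTION] != "pass":
            continue
        try:
            src = ip_address(row[F_SRC])
            dport = int(row[F_DPORT])
        except ValueError:
            continue  # malformed entry
        # Only LAN-initiated flows count: that is how every session begins.
        if src in lan and dport == port:
            hits[row[F_SRC]].add(row[F_DST])
    return dict(hits)

if __name__ == "__main__":
    for host, servers in sorted(teamviewer_clients(SAMPLE_LOG).items()):
        print(f"{host} -> {', '.join(sorted(servers))}")
```

The result lists hosts running the client but says nothing about whether a host was controlling or being controlled, since both roles produce the same outbound flow.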

          jimp Rebel Alliance Developer Netgate

          If their protocol is transmitted in the clear (unencrypted), and the outbound control messages are distinguishable from the inbound control messages (you'd need to compare a capture of each) then it might be possible to write an L7 pattern to match and block.

          Not exactly easy, but it's the only thing that comes to mind.

            cmb

            That's impossible to do at a network level, can't decipher their encrypted traffic to tell what it's doing.

              johnpoz LAYER 8 Global Moderator

              Yeah the traffic is encrypted that is for sure!

              http://www.teamviewer.com/images/pdf/TeamViewer_SecurityStatement.pdf

              encryptiontv.png

                wm408

                So you don't want TV installed on any computers in your network, but you want to be able to access remote TV hosts for support?

                Block TV completely via CIDRs, etc.

                Use an SSH tunnel or VPN (redirect gateway option) to access TV externally from a completely different network.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.