Netgate Discussion Forum

Block incoming teamviewer

  • N
    namezero111111
    last edited by Jun 22, 2012, 5:05 PM

    Dear folks!

    I need to block incoming teamviewer connections, but allow outgoing connections.
    I have read this: http://forum.pfsense.org/index.php/topic,22632.0.html, but it only discusses blocking everything.

    Essentially, I only want support people to be able to open a connection to other people's desktop, but disallow them creating TV sessions for someone else to log on to.

    Has anyone dealt with this scenario before?

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Jun 24, 2012, 3:56 PM

      TV makes the outgoing connection to the TV servers, then the remote session comes back through this session.  Not sure if you can allow for outgoing and block incoming.

      I don't believe that is how TV works; there is no unsolicited inbound traffic that you could block.  One of the main features of TV is the ability to control through a firewall without having to set up any rules.  The service makes connections to the TV servers.

      http://www.teamviewer.com/hi/kb/9-Does-it-work-behind-firewalls-proxy-server-and-NAT-routers.aspx
      TeamViewer will allow you to share your desktop over any kind of internet-/LAN-connection and over almost any firewall.

      Sure you could block access to TV servers, they use ports 80 and 443, and alternative of 5938, but then you would not be able to make outbound connections if you did that.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Jun 24, 2012, 7:16 PM

        If their protocol is transmitted in the clear (unencrypted), and the outbound control messages are distinguishable from the inbound control messages (you'd need to compare a capture of each) then it might be possible to write an L7 pattern to match and block.

        Not exactly easy, but it's the only thing that comes to mind.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • C
          cmb
          last edited by Jun 24, 2012, 7:23 PM

          That's impossible to do at a network level, can't decipher their encrypted traffic to tell what it's doing.

          • J
            johnpoz LAYER 8 Global Moderator
            last edited by Jun 24, 2012, 9:00 PM

            Yeah the traffic is encrypted that is for sure!

            http://www.teamviewer.com/images/pdf/TeamViewer_SecurityStatement.pdf

            encryptiontv.png
            • W
              wm408
              last edited by Jun 25, 2012, 2:12 PM

              So you don't want TV installed on any computers in your network, but you want to be able to access remote TV hosts for support?

              Block TV completely via CIDRs, etc.

              Use an SSH tunnel or VPN (redirect gateway option) to access TV externally from a completely different network.
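
The following is an added example, not part of any poster's message and not pf or pfSense code: a toy stateful filter in Python illustrating the point made earlier in the thread, that a remote session relayed back over the client's own outbound connection matches the same firewall state as any other reply. The addresses, source ports and payload labels are constructed for illustration; only port 5938 comes from the thread.

```python
# Toy model of a stateful packet filter (illustration only, not pf itself).
# All addresses, ports other than 5938, and payload labels are constructed.
from dataclasses import dataclass

LAN_PREFIX = "10.0.0."  # assumed LAN range for this example


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""  # never inspected: the filter only sees addresses and ports


class StatefulFilter:
    """Pass outbound traffic and keep state; default-deny unsolicited inbound."""

    def __init__(self):
        self.states = set()

    def handle(self, pkt):
        if pkt.src.startswith(LAN_PREFIX):
            # Outbound: allowed, and a state entry is recorded for replies.
            self.states.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "pass (out, state created)"
        # Inbound: only traffic that mirrors an existing state gets through.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states:
            return "pass (in, matches state)"
        return "block (in, unsolicited)"


def demo():
    fw = StatefulFilter()
    host, broker, stranger = "10.0.0.25", "198.51.100.7", "203.0.113.9"
    return [
        # 1. LAN client dials out to the vendor's server on port 5938.
        fw.handle(Packet(host, 49152, broker, 5938, "register")),
        # 2. Server relays someone else's control request over that connection.
        fw.handle(Packet(broker, 5938, host, 49152, "incoming-session")),
        # 3. Server answers a session the LAN user started, same connection.
        fw.handle(Packet(broker, 5938, host, 49152, "outgoing-session-reply")),
        # 4. A direct, unsolicited connection attempt from outside.
        fw.handle(Packet(stranger, 40000, host, 5938, "direct-connect")),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Steps 2 and 3 get the same verdict because the filter decides on the address and port tuple alone, so the direction of control is not visible to it.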

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.