blocking teamviewer
-
Friends, good afternoon.
I made a configuration of two policies, first releasing some computers, then blocking my subnet for "teamviewer", but the first rule is not working. Can anyone explain what I am doing wrong?
-
Hi,
Establish a connection on a PC where it should not work, normally.
Launch a heavy task like a transfer. Use pfSense network graph monitor to see who communicates with who - on one side your IP, on the other an IP (from TeamViewer) that you haven't yet included in your block list.
IPv6?
-
Below are my rules.
-
You think those are the only FQDNs involved in accessing teamviewer? Where did you get that info from?
-
@johnpoz said in blocking teamviewer:
You think those are the only FQDNs involved in accessing teamviewer? Where did you get that info from?
John, I cannot guarantee that they are the only ones, but the blocking rule is working.
I'm just having problems with the release rule for some computers.
-
What are the rest of your rules?
-
@johnpoz said in blocking teamviewer:
What are the rest of your rules?
See below.
When adding the host in the "HOSTS_LIBERADOS" rule, it has access to the "teamviewer", but this rule releases everything.
-
Like I said, where did you get that idea that allowing your clients to masterX.teamviewer.com would allow teamviewer to work?
There are hundreds of IPs and FQDNs used when connecting to teamviewer, you can never be sure what it's going to need to resolve or connect to... So a rule that just allows access to masterX is prob not going to allow access. And to be honest I doubt it will block access either.
teamviewer is a nasty little thing to try and block - it will go out on 80/443 and will do its own DNS and use IP directly, etc.
-
@johnpoz said in blocking teamviewer:
Like I said, where did you get that idea that allowing your clients to masterX.teamviewer.com would allow teamviewer to work?
There are hundreds of IPs and FQDNs used when connecting to teamviewer, you can never be sure what it's going to need to resolve or connect to... So a rule that just allows access to masterX is prob not going to allow access. And to be honest I doubt it will block access either.
teamviewer is a nasty little thing to try and block - it will go out on 80/443 and will do its own DNS and use IP directly, etc.
I understand, do you use any way to block access to "teamviewer"?
-
No ;) I use it even from work with a proxy ;)... Like I said, it's difficult to block!! When you allow normal internet access.
Since you seem to pretty much block all internet anyway.. You're not really looking to block it.. You're looking for what needs to be open to allow it.
https://community.teamviewer.com/t5/TeamViewer-General/Manually-allow-teamviewer-on-NG-next-generation-firewalls/td-p/4941
Allow the port 5938 and *.teamviewer.com
-
https://community.teamviewer.com/t5/TeamViewer-13/FQDN-list/td-p/45695
-
And where is she getting that info from.. Where does teamviewer state that??
https://community.teamviewer.com/t5/Knowledge-Base/Which-ports-are-used-by-TeamViewer/ta-p/4139
They again list *.teamviewer.com
Because some IPs came back with PTR with that forward name doesn't mean anything..
Since it looks like you're blocking internet in general, as long as you allow your machines out on 5938 and don't prevent them from looking up DNS they should be able to access teamviewer..
-
@johnpoz said in blocking teamviewer:
They again list *.teamviewer.com
Image below, it is from a computer that does not connect, so we can validate that the addresses are valid, but anyway I am not able to use the same addresses to create a releasing rule.
-
Fixed, with permissive / negative rules targeting port 5938.