(solved) How to block Teamviewer
-
Hi,
I have to block Teamviewer on my network.
I tried a couple of rules but was unable to block TeamViewer. I tried port 5938, but TeamViewer finds some other way to connect to the server.
Does anybody know how to block TeamViewer through the firewall?
Mangesh
-
Hello,
Block all ports on your firewall and open only the ports in use.
echo ".teamviewer.com" > /var/squid/acl/team.acl
echo ".dyngate.com" >> /var/squid/acl/team.acl
and add the rule to squid.inc after line 771:
# Block-Teamviewer
acl teamviewer_uzantilari url_regex din.aspx$ dout.aspx$
acl teamviewer_domainleri url_regex "/var/squid/acl/team.acl"
http_access deny teamviewer_uzantilari
http_access deny teamviewer_domainleri
Go to the squid general page and click the save button.
Now it is blocking TeamViewer; I tested TeamViewer 5. See my picture ..
-
All TeamViewer-like apps use port 80/443 for their communication, so you can forget about blocking them via a simple block rule. You need to use squid as ozanus stated…
-
You have another option that is a little tedious, but it might work if squid is an option.
You could create a teamviewer network(s) alias. Then check the state table for a machine with a connection to a teamviewer server, and add the server IP or network to the alias.
Then create a block rule with destinations to port 80/443.
It's a pain and it requires upkeep, but it's an alternative when you can't force all of your traffic through squid.
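The state-table step described in the post above, as an added example that is not part of the original thread or of pfSense: it reads `pfctl -ss`-style state lines and lists the off-LAN addresses contacted on port 5938 (the TeamViewer port named in the first post), together with the LAN clients that used them. The sample lines, the LAN range 192.168.1.0/24 and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample; assumes the line layout printed by `pfctl -ss`.
SAMPLE_STATES = """\
all tcp 192.168.1.23:50112 -> 203.0.113.40:5938       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.40:5938 <- 192.168.1.23:50112       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.7:61022 (192.168.1.31:49877) -> 203.0.113.77:5938       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.23:50200 -> 192.0.2.10:443       ESTABLISHED:ESTABLISHED
all udp 192.168.1.31:53311 -> 192.168.1.1:53       MULTIPLE:SINGLE
all tcp 192.168.1.50:5938 <- 192.168.1.23:50300       CLOSED:SYN_SENT
"""

ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def find_gateways(state_text, lan_cidr, ports=(5938,)):
    """Map each off-LAN address seen on a watched port to the LAN clients using it."""
    lan = ipaddress.ip_network(lan_cidr)
    gateways = {}
    for line in state_text.splitlines():
        try:
            endpoints = [(ipaddress.ip_address(ip), int(port))
                         for ip, port in ENDPOINT.findall(line)]
        except ValueError:
            continue  # not a valid address, so not a state line we understand
        clients = {str(ip) for ip, _ in endpoints if ip in lan}
        for ip, port in endpoints:
            # Direction-agnostic: any endpoint outside the LAN on a watched port.
            # NAT'd states list the WAN address too; it is ignored because its
            # port is the translated source port, not a watched one.
            if port in ports and ip not in lan:
                gateways.setdefault(str(ip), set()).update(clients)
    return gateways


def alias_hosts(gateways):
    """Addresses in numeric order, one per alias entry."""
    return sorted(gateways, key=ipaddress.ip_address)


if __name__ == "__main__":
    found = find_gateways(SAMPLE_STATES, "192.168.1.0/24")
    for ip in alias_hosts(found):
        print(ip, "used by", ", ".join(sorted(found[ip])))
```

Run it against states captured while port 5938 is still allowed; once that port is blocked the clients fall back to 80/443 and the gateways can no longer be told apart by port.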
-
Squid would be the way to go on pfSense 1.2.x to get this done. On pfSense 2.0 you will be able to have hostnames in aliases, which will let you block by a name such as teamviewer.com / www.teamviewer.com / etc. If the DNS query returns multiple IPs, all of them are added.
Just something to look forward to in the future, 2.0 is still nowhere near production ready.
-
I looked into it, and they seem to have a lot of IP addresses for gateways.
Overriding the authoritative servers for dyngate.com and teamviewer.com seems to do the trick. Just send all DNS requests for those two domains to some IP that doesn't exist.
-
That will also work, but if you go that route, you must make sure that they have no other means to resolve that IP. Block all outgoing DNS unless it's to your pfSense box's LAN or other interface IP addresses. That will prevent someone from, for example, using Google DNS or OpenDNS on their PC to bypass your restrictions.
-
Exactly. I've worked with some campus networks that are too big to force everything through squid, but enforcing DNS through pfSense is a lot less load.
-
The only potential flaw there is that if someone really wants to bypass it, they could use a web-based DNS service to look up the IPs, and then add them to their hosts file.
-
Or switch to another like LogMeIn. :)
-
Or fastviewer or netviewer or … ;)
-
To block these sites, I forced all DHCP clients to use my AD server as the DNS resolver, with OpenDNS as my forwarding Internet DNS server. On the FW, I just set port 53 or DNS to only use OpenDNS as the only DNS - all other DNS resolvers are blocked (this is on OUTBOUND or LAN). In AD, I create DNS zones such as logmein.com, teamviewer.com, and all the DNS I want to prevent from going out internally, and I resolve them to the IP address of google.com - every time they try to resolve these sites, they are redirected to google.com. If they try to use GoogleDNS or other, it doesn't work either. It was easier to put these DNS hosts in AD than in pfSense - hopefully there is a better option in pf's future.