pfSense Gold Subscription

Author Topic: (solved) How to block Teamviewer  (Read 71116 times)

0 Members and 1 Guest are viewing this topic.

Offline mangeshgg

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +0/-0
    • View Profile
(solved) How to block Teamviewer
« on: February 03, 2010, 03:57:36 am »
Hi,

I have to block Teamviewer on my network.
I tried couple of rules but unable to block teamviewer. I tried port 5938 but teamviewer find some other way to connect to the server

Can anybody know how to block Teamviewer through firewall.


Mangesh
« Last Edit: February 11, 2010, 05:34:33 am by mangeshgg »

Offline ozanus

  • Full Member
  • ***
  • Posts: 113
  • Karma: +1/-0
    • View Profile
Re: How to block Teamviewer
« Reply #1 on: February 03, 2010, 05:11:33 am »
Hello,
Blocking all port your firewall and open only usage port.
# echo ".teamviewer.com" > /var/squid/acl/team.acl
# echo ".dyngate.com" >> /var/squid/acl/team.acl

and add rule to  squid.inc after line 771. ;

# Blocak-Teamviewer
acl teamviewer_uzantilari url_regex din\.aspx$ dout\.aspx$
acl teamviewer_domainleri url_regex "/var/squid/acl/team.acl"
http_access deny teamviewer_uzantilari
http_access deny teamviewer_domainleri

Go to squid genaral page and click save buttom.
Now blocking teamviewer,i tested teamviewer5.See my picture ..

Offline jlepthien

  • Hero Member
  • *****
  • Posts: 657
  • Karma: +0/-0
    • View Profile
Re: How to block Teamviewer
« Reply #2 on: February 04, 2010, 04:47:43 am »
Hi,

I have to block Teamviewer on my network.
I tried couple of rules but unable to block teamviewer. I tried port 5938 but teamviewer find some other way to connect to the server

Can anybody know how to block Teamviewer through firewall.


Mangesh

All Teamviever like apps use port 80/443 for their communication so you can forget about blocking them via a simple block rule. You need to use squid as ozanus stated...
| apple fanboy | music lover | network and security specialist | in love with cisco systems |

Offline blak111

  • Sr. Member
  • ****
  • Posts: 302
  • Karma: +0/-0
    • View Profile
Re: How to block Teamviewer
« Reply #3 on: February 04, 2010, 08:06:56 am »
You have another option that is a little tedious, but it might work if squid is an option.
You could create a teamviewer network(s) alias. Then check the state table for a machine with a connection to a teamviewer server, and add the server IP or network to the alias.
Then create a block rule with destinations to port 80/443.

It's a pain and it requires upkeep, but it's an alternative when you can't force all of your traffic through squid.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16775
  • Karma: +402/-2
    • View Profile
Re: How to block Teamviewer
« Reply #4 on: February 04, 2010, 08:49:23 am »
Squid would be the way to go on pfSense 1.2.x to get this done. On pfSense 2.0 you will be able to have hostnames in aliases, which will let you block by a name such as teamviewer.com / www.teamviewer.com / etc. If the DNS query returns multiple IPs, all of them are added.

Just something to look forward to in the future, 2.0 is still nowhere near production ready.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline blak111

  • Sr. Member
  • ****
  • Posts: 302
  • Karma: +0/-0
    • View Profile
Re: How to block Teamviewer
« Reply #5 on: February 04, 2010, 08:53:51 am »
I looked into it, and they seem to have a lot of IP addresses for gateways.
Overriding the authoritative servers for dyngate.com and teamviewer.com seems to do the trick. Just send all DNS requests for those two domains to some IP that doesn't exist.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16775
  • Karma: +402/-2
    • View Profile
Re: How to block Teamviewer
« Reply #6 on: February 04, 2010, 08:58:07 am »
I looked into it, and they seem to have a lot of IP addresses for gateways.
Overriding the authoritative servers for dyngate.com and teamviewer.com seems to do the trick. Just send all DNS requests for those two domains to some IP that doesn't exist.

That will also work but if you go that route, you must make sure that they have no other means to resolve that IP. Block all outgoing DNS unless it's to your pfSense box's LAN or other interface IP addresses. That will prevent someone from, for example, using Google DNS or OpenDNS on their PC to bypass your restrictions.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline blak111

  • Sr. Member
  • ****
  • Posts: 302
  • Karma: +0/-0
    • View Profile
Re: How to block Teamviewer
« Reply #7 on: February 04, 2010, 09:28:14 pm »
Exactly. I've worked with some campus networks that are too big to force everything through squid, but enforcing DNS through pfSense is a lot less load.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16775
  • Karma: +402/-2
    • View Profile
Re: How to block Teamviewer
« Reply #8 on: February 05, 2010, 05:32:43 pm »
Exactly. I've worked with some campus networks that are too big to force everything through squid, but enforcing DNS through pfSense is a lot less load.

The only potential flaw there is if someone really wants to bypass it they could use a web-based DNS service to lookup the IPs, and then add them to their hosts file.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline blak111

  • Sr. Member
  • ****
  • Posts: 302
  • Karma: +0/-0
    • View Profile
Re: How to block Teamviewer
« Reply #9 on: February 05, 2010, 08:31:43 pm »
Or switch to another like LogMeIn.  :)

Offline jlepthien

  • Hero Member
  • *****
  • Posts: 657
  • Karma: +0/-0
    • View Profile
Re: How to block Teamviewer
« Reply #10 on: February 06, 2010, 01:44:47 am »
Or fastviewer or netviewer or ... ;)
| apple fanboy | music lover | network and security specialist | in love with cisco systems |

Offline pinoyboy

  • Full Member
  • ***
  • Posts: 125
  • Karma: +1/-0
    • View Profile
Re: How to block Teamviewer
« Reply #11 on: February 10, 2010, 09:37:24 am »
To block these sites, I forced all DHCP clients to use my AD Server as the DNS resolver with OpenDNS as my forwarding Internet DNS server.  On the FW, I just set port 53 or DNS to only use OpenDNS as only DNS - all other DNS resolvers are blocked (this is on OUTBOUND or LAN).  In AD, I create DNS zones such as logmein.com, temaviewer.com, and all the DNS I want to prevent to go out internally, and I resolve them to the IP address of google.com - everytime they try to resolve these sites, they redirect to google.com.  If they try to use GoogleDNS or other, it doesn't work either.  It was easier to put these DNS hosts in AD than in pfSense - hopefully there is a better option in pf's future.