Firewall Wizards mailing list archives
Re: Blocking Teamviewer
From: John Morrison <john.morrison101 () googlemail com>
Date: Tue, 30 Mar 2010 16:24:59 +0100
Siju, You will require a firewall with deep packet inspection or a signature-based IDS/IPS. TeamViewer uses ports 80 and 443 (http and hhtps), but does not use the http protocol. To block it you can either block any non-http traffic on port 80 (and non-https on 443) or use a firewall/IDS/IPS that has a signature for TeamViewer. An example, of the latter is CheckPoint. On their site they give examples for various revisons of their product using the SmartDefense feature. The TeamViewer product is a specific item you can select. For VPN-1 NGX R65 & R62 it says: 1. In the SmartDefense tab, click Application Intelligence > Remote Control Applications > TeamViewer. 2. In the configuration pane, under Settings > Mode, check Active. 3. Install policy on all modules. How Do I Know if My Network is Under Attack? SmartView Tracker will log the following entries: Attack Name: TeamViewer Attack Information: TeamViewer application connection attempt [over HTTP] detected I don't know if you could use something like snort instead to analyse the traffic, build a custom signature and then block all traffic that matches the signature. On 19 March 2010 18:35, Siju George <sgeorge.ml () gmail com> wrote:
Hi, How Do you block this Trojan ;-) http://www.teamviewer.com/solutions/remoteaccess.aspx Thanks --Siju _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Blocking Teamviewer John Morrison (Apr 13)
- <Possible follow-ups>
- Re: Blocking Teamviewer Flemming Laugaard (Apr 13)