Re: Blocking Teamviewer

[John Morrison <john.morrison101 () googlemail com>]

Siju,

You will require a firewall with deep packet inspection or a
signature-based IDS/IPS. TeamViewer uses ports 80 and 443 (http and
hhtps), but does not use the http protocol. To block it you can either
block any non-http traffic on port 80 (and non-https on 443) or use a
firewall/IDS/IPS that has a signature for TeamViewer.

An example, of the latter is CheckPoint. On their site they give
examples for various revisons of their product using the SmartDefense
feature. The TeamViewer product is a specific item you can select. For
VPN-1 NGX R65 & R62 it says:

1. In the SmartDefense tab, click Application Intelligence > Remote
Control Applications > TeamViewer.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over
HTTP] detected


I don't know if you could use something like snort instead to analyse
the traffic, build a custom signature and then block all traffic that
matches the signature.




On 19 March 2010 18:35, Siju George <sgeorge.ml () gmail com> wrote:
> Hi,
>
> How Do you block this Trojan ;-)
>
> http://www.teamviewer.com/solutions/remoteaccess.aspx
>
> Thanks
>
> --Siju
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards