Re: [fw-wiz] Blocking Teamviewer
- From: John Morrison <john.morrison101@xxxxxxxxxxxxxx>
- Date: Tue, 30 Mar 2010 16:24:59 +0100
Siju,
You will require a firewall with deep packet inspection or a
signature-based IDS/IPS. TeamViewer uses ports 80 and 443 (http and
https), but does not use the http protocol. To block it you can either
block any non-http traffic on port 80 (and non-https on 443) or use a
firewall/IDS/IPS that has a signature for TeamViewer.
An example of the latter is CheckPoint. On their site they give
examples for various revisions of their product using the SmartDefense
feature. The TeamViewer product is a specific item you can select. For
VPN-1 NGX R65 & R62 it says:
1. In the SmartDefense tab, click Application Intelligence > Remote
Control Applications > TeamViewer.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over
HTTP] detected
I don't know if you could use something like snort instead to analyse
the traffic, build a custom signature and then block all traffic that
matches the signature.
On 19 March 2010 18:35, Siju George <sgeorge.ml@xxxxxxxxx> wrote:
Hi,
How Do you block this Trojan ;-)
http://www.teamviewer.com/solutions/remoteaccess.aspx
Thanks
--Siju
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
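Added example, not part of the original message or of any product named in it: a minimal Python sketch of the first option described in the reply above, allowing a connection on port 80 or 443 only if the client's first payload is a well-formed HTTP request line or a TLS ClientHello record. The function names and sample payloads are constructed for illustration, and the sketch assumes it is handed the first reassembled client payload of each connection.

```python
import re

# HTTP/1.x request line: method SP request-target SP HTTP-version CRLF
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} [\x21-\x7e]+ HTTP/1\.[01]\r\n")


def looks_like_http_request(data: bytes) -> bool:
    return HTTP_REQUEST_LINE.match(data) is not None


def looks_like_tls_client_hello(data: bytes) -> bool:
    # TLS record header: type(1) version(2) length(2), then handshake type(1)
    if len(data) < 6:
        return False
    content_type, major, minor = data[0], data[1], data[2]
    record_len = int.from_bytes(data[3:5], "big")
    return (content_type == 0x16            # handshake record
            and major == 0x03 and minor <= 0x04
            and 0 < record_len <= 16384     # maximum plaintext record size
            and data[5] == 0x01)            # ClientHello


def verdict(dst_port: int, first_payload: bytes) -> str:
    """Return 'allow' if the payload matches the protocol expected on the port."""
    if dst_port == 80:
        ok = looks_like_http_request(first_payload)
    elif dst_port == 443:
        ok = looks_like_tls_client_hello(first_payload)
    else:
        ok = False  # this sketch only covers the two ports from the message
    return "allow" if ok else "block"


# Constructed sample payloads (not captured from any real application)
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # truncated ClientHello
OPAQUE = b"\x00\x01\x02\x03opaque-binary-session-data"

if __name__ == "__main__":
    for port, payload in [(80, HTTP_GET), (80, OPAQUE),
                          (443, TLS_HELLO), (443, OPAQUE), (443, HTTP_GET)]:
        print(port, payload[:12], "->", verdict(port, payload))
```

A check like this only enforces protocol conformance on the port; traffic carried inside well-formed HTTP or TLS passes it, which is where the signature-based option from the reply applies.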