Re: [fw-wiz] Blocking Teamviewer



Siju,

You will require a firewall with deep packet inspection or a
signature-based IDS/IPS. TeamViewer uses ports 80 and 443 (http and
hhtps), but does not use the http protocol. To block it you can either
block any non-http traffic on port 80 (and non-https on 443) or use a
firewall/IDS/IPS that has a signature for TeamViewer.

An example, of the latter is CheckPoint. On their site they give
examples for various revisons of their product using the SmartDefense
feature. The TeamViewer product is a specific item you can select. For
VPN-1 NGX R65 & R62 it says:

1. In the SmartDefense tab, click Application Intelligence > Remote
Control Applications > TeamViewer.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over
HTTP] detected


I don't know if you could use something like snort instead to analyse
the traffic, build a custom signature and then block all traffic that
matches the signature.




On 19 March 2010 18:35, Siju George <sgeorge.ml@xxxxxxxxx> wrote:
Hi,

How Do you block this Trojan ;-)

http://www.teamviewer.com/solutions/remoteaccess.aspx

Thanks

--Siju
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards