Re: [fw-wiz] Blocking Teamviewer


You will require a firewall with deep packet inspection or a
signature-based IDS/IPS. TeamViewer uses ports 80 and 443 (http and
hhtps), but does not use the http protocol. To block it you can either
block any non-http traffic on port 80 (and non-https on 443) or use a
firewall/IDS/IPS that has a signature for TeamViewer.

An example, of the latter is CheckPoint. On their site they give
examples for various revisons of their product using the SmartDefense
feature. The TeamViewer product is a specific item you can select. For
VPN-1 NGX R65 & R62 it says:

1. In the SmartDefense tab, click Application Intelligence > Remote
Control Applications > TeamViewer.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: TeamViewer
Attack Information: TeamViewer application connection attempt [over
HTTP] detected

I don't know if you could use something like snort instead to analyse
the traffic, build a custom signature and then block all traffic that
matches the signature.

On 19 March 2010 18:35, Siju George <> wrote:

How Do you block this Trojan ;-)


firewall-wizards mailing list

firewall-wizards mailing list