Re: [fw-wiz] Blocking Teamviewer



I found this IDS rules for detection:

tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"DynGate TeamViewer"; flow:from_client,from_server,established; content:"DynGate"; pcre:"/din.aspx ?s="; pcre:"&client=DynGate&p="; depth:12; sid:6661; rev:1;)

If you use Active Directory, you could block teamviewer.exe through a Group policy.

--
Kind regards
Flemming Laugaard

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards