Re: Blocking Teamviewer
teamviewer access over all-too-common firewall . it is convinient ,but it is dangerous to company . in my intranet experiment , i manage to prevent access from windows81's teamviewer to linux's teamviewer. i touch squid after long iinterval , so there perhaps are mistakes . the followings may be false illusion . after serching internet ,my setting is next. internet | | wifi router---windows81 | | urtwn0 dhcp openbsd fxp0 192.168.64.1/24(dhcpd) | | dhcp linux (firefox edit>preference>adavance>setting>http proxy 192.168.64.1 port 3128 1st # ./comment-out.bat /etc/squid/squid.conf acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all http_port 3128 coredump_dir /var/squid/cache refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 432 2nd # ./comment-out.bat /etc/pf.conf ext_if="urtwn0" int_if="fxp0" set skip on lo set skip on {pfsync} set reassemble yes no-df pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128 pass out quick from 127.0.0.1 divert-reply 3rd linux access internet . --- tuyosi takesima
Re: Blocking Teamviewer
On Fri, Mar 26, 2010 at 10:33 PM, matteo filippetto wrote: > 2010/3/26 sonjaya > my teamviewer works correctly with host serverXXX.teamviewer.com and port 5938 You should block also that port. Thanks Sonjaya and Matteo let me try them :-) --Siju
Re: Blocking Teamviewer
2010/3/26 sonjaya > i try update this threads > > in my network using squid proxy for all internet access > after capture the access.log > teamviewer have several server > > main server teamviewer > 1. http://ping3.dyngate.com > 2. masterxx.teamviewer.com > where xxx = 1 until 17 > so become master1.teamviewer.com until master17.teamviewer.com > > so i made block dst domain in squid.conf . > and teamviewer client can't working. > i try scan port was using for teamviewer server > # nmap ping3.dyngate.com > > Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT > Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69. > Interesting ports on server340.teamviewer.com (85.25.143.69): > Not shown: 997 filtered ports > PORT STATE SERVICE > 80/tcp open http > 843/tcp open unknown > 3389/tcp open ms-term-serv > > Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds > > # nmap master1.teamviewer.com > > Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT > Interesting ports on master.dyngate.com (87.230.73.23): > Not shown: 998 filtered ports > PORTSTATE SERVICE > 80/tcp open http > 843/tcp open unknown > > ini hasil scan client teamviewer > # nmap 124.217.230.1xx > > Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT > Interesting ports on server404.teamviewer.com (124.217.230.174): > Not shown: 997 filtered ports > PORT STATE SERVICE > 80/tcp open http > 843/tcp open unknown > 3389/tcp open ms-term-serv > > > > Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds > > so add in pf for blockerd port 843 & 3389 > > just that and teamviewer client can't working > i hope this will be blocked teamviewer. > > On Sat, Mar 20, 2010 at 1:22 AM, Siju George wrote: > > On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley < > steve.shock...@shockley.net> > >> Presumably you're trying to block it with an OpenBSD firewall. > >> > > > > Yes :-) > > > >>Analyze the > >> protocol, you can probably stop it with a transparent proxy that > disallows > >> CONNECT requests. > >> > > > > Could you please explain? > > > >> Or, http://lmgtfy.com/?q=teamviewer+block&l=1 > >> > > > > The first thing I did :-) > > > > thanks > > > > --Siju > > > > > > > > -- > sonjaya > http://www.sharenupload.com > > Hi, my teamviewer works correctly with host serverXXX.teamviewer.com and port 5938 You should block also that port. Best regards -- Matteo Filippetto
Re: Blocking Teamviewer
i try update this threads in my network using squid proxy for all internet access after capture the access.log teamviewer have several server main server teamviewer 1. http://ping3.dyngate.com 2. masterxx.teamviewer.com where xxx = 1 until 17 so become master1.teamviewer.com until master17.teamviewer.com so i made block dst domain in squid.conf . and teamviewer client can't working. i try scan port was using for teamviewer server # nmap ping3.dyngate.com Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69. Interesting ports on server340.teamviewer.com (85.25.143.69): Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 843/tcp open unknown 3389/tcp open ms-term-serv Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds # nmap master1.teamviewer.com Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT Interesting ports on master.dyngate.com (87.230.73.23): Not shown: 998 filtered ports PORTSTATE SERVICE 80/tcp open http 843/tcp open unknown ini hasil scan client teamviewer # nmap 124.217.230.1xx Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT Interesting ports on server404.teamviewer.com (124.217.230.174): Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 843/tcp open unknown 3389/tcp open ms-term-serv Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds so add in pf for blockerd port 843 & 3389 just that and teamviewer client can't working i hope this will be blocked teamviewer. On Sat, Mar 20, 2010 at 1:22 AM, Siju George wrote: > On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley >> Presumably you're trying to block it with an OpenBSD firewall. >> > > Yes :-) > >>Analyze the >> protocol, you can probably stop it with a transparent proxy that disallows >> CONNECT requests. >> > > Could you please explain? > >> Or, http://lmgtfy.com/?q=teamviewer+block&l=1 >> > > The first thing I did :-) > > thanks > > --Siju > > -- sonjaya http://www.sharenupload.com
Re: Blocking Teamviewer
On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley > Presumably you're trying to block it with an OpenBSD firewall. > Yes :-) >Analyze the > protocol, you can probably stop it with a transparent proxy that disallows > CONNECT requests. > Could you please explain? > Or, http://lmgtfy.com/?q=teamviewer+block&l=1 > The first thing I did :-) thanks --Siju
Re: Blocking Teamviewer
On 3/19/2010 12:30 PM, Siju George wrote: How Do you block this trojan ;-) http://www.teamviewer.com/solutions/remoteaccess.aspx Presumably you're trying to block it with an OpenBSD firewall. Analyze the protocol, you can probably stop it with a transparent proxy that disallows CONNECT requests. Or, http://lmgtfy.com/?q=teamviewer+block&l=1
Blocking Teamviewer
Hi, How Do you block this trojan ;-) http://www.teamviewer.com/solutions/remoteaccess.aspx Thanks --Siju