Re: Blocking Teamviewer

2015-04-17 Thread Tuyosi Takesima
teamviewer access over all-too-common firewall.
it is convenient, but it is dangerous to company.

in my intranet experiment ,
i manage to prevent access from windows81's teamviewer
   to   linux's teamviewer.

i touch squid after long interval, so there perhaps are mistakes. the
followings may be false illusion.

after searching internet, my setting is next.

internet
|
|
wifi router---windows81
|
|
urtwn0 dhcp
openbsd
fxp0 192.168.64.1/24(dhcpd)
|
|
dhcp
linux
(firefox edit>preference>advanced>setting>http proxy 192.168.64.1 port 3128)


1st
# ./comment-out.bat /etc/squid/squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/squid/cache
refresh_pattern ^ftp:       1440    20%     10080
refresh_pattern ^gopher:    1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 432


2nd
# ./comment-out.bat /etc/pf.conf

ext_if="urtwn0"
int_if="fxp0"
set skip on lo
set skip on {pfsync}
set reassemble yes no-df
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply


3rd
linux access internet .

---
tuyosi takesima



Re: Blocking Teamviewer

2010-03-28 Thread Siju George
On Fri, Mar 26, 2010 at 10:33 PM, matteo filippetto wrote:
> 2010/3/26 sonjaya
>
> my teamviewer works correctly with
> host serverXXX.teamviewer.com and port 5938
>
> You should block also that port.

Thanks Sonjaya and Matteo let me try them :-)

--Siju



Re: Blocking Teamviewer

2010-03-26 Thread matteo filippetto
2010/3/26 sonjaya 

> i try update this threads
>
> in my network using squid proxy for all internet access
> after capture the access.log
> teamviewer have several server
>
> main server teamviewer
> 1. http://ping3.dyngate.com
> 2. masterxx.teamviewer.com
>  where xxx = 1 until 17
>  so become master1.teamviewer.com until master17.teamviewer.com
>
> so i made block dst domain in squid.conf .
> and teamviewer client can't working.
> i try scan port was using for teamviewer server
> # nmap ping3.dyngate.com
>
> Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
> Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69.
> Interesting ports on server340.teamviewer.com (85.25.143.69):
> Not shown: 997 filtered ports
> PORT STATE SERVICE
> 80/tcp   open  http
> 843/tcp  open  unknown
> 3389/tcp open  ms-term-serv
>
> Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds
>
> # nmap master1.teamviewer.com
>
> Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
> Interesting ports on master.dyngate.com (87.230.73.23):
> Not shown: 998 filtered ports
> PORT    STATE SERVICE
> 80/tcp  open  http
> 843/tcp open  unknown
>
> this is the result of scanning the teamviewer client
> # nmap 124.217.230.1xx
>
> Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT
> Interesting ports on server404.teamviewer.com (124.217.230.174):
> Not shown: 997 filtered ports
> PORT STATE SERVICE
> 80/tcp   open  http
> 843/tcp  open  unknown
> 3389/tcp open  ms-term-serv
>
>
>
> Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds
>
> so add in pf for blocked port 843 & 3389
>
> just that and teamviewer client can't working
> i hope this will be blocked teamviewer.
>
> On Sat, Mar 20, 2010 at 1:22 AM, Siju George  wrote:
> > On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley <
> steve.shock...@shockley.net>
> >> Presumably you're trying to block it with an OpenBSD firewall.
> >>
> >
> > Yes :-)
> >
> >> Analyze the
> >> protocol, you can probably stop it with a transparent proxy that disallows
> >> CONNECT requests.
> >>
> >
> > Could you please explain?
> >
> >> Or, http://lmgtfy.com/?q=teamviewer+block&l=1
> >>
> >
> > The first thing I did :-)
> >
> > thanks
> >
> > --Siju
> >
> >
>
>
>
> --
> sonjaya
> http://www.sharenupload.com
>
>

Hi,

my teamviewer works correctly with
host serverXXX.teamviewer.com and port 5938

You should block also that port.

Best regards

-- 
Matteo Filippetto



Re: Blocking Teamviewer

2010-03-26 Thread sonjaya
i try update this threads

in my network using squid proxy for all internet access
after capture the access.log
teamviewer have several server

main server teamviewer
1. http://ping3.dyngate.com
2. masterxx.teamviewer.com
 where xxx = 1 until 17
 so become master1.teamviewer.com until master17.teamviewer.com

so i made block dst domain in squid.conf .
and teamviewer client can't working.
i try scan port was using for teamviewer server
# nmap ping3.dyngate.com

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69.
Interesting ports on server340.teamviewer.com (85.25.143.69):
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp   open  http
843/tcp  open  unknown
3389/tcp open  ms-term-serv

Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds

# nmap master1.teamviewer.com

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
Interesting ports on master.dyngate.com (87.230.73.23):
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
843/tcp open  unknown

this is the result of scanning the teamviewer client
# nmap 124.217.230.1xx

Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT
Interesting ports on server404.teamviewer.com (124.217.230.174):
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp   open  http
843/tcp  open  unknown
3389/tcp open  ms-term-serv



Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds

so add in pf for blocked port 843 & 3389

just that and teamviewer client can't working
i hope this will be blocked teamviewer.

On Sat, Mar 20, 2010 at 1:22 AM, Siju George  wrote:
> On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley 
>> Presumably you're trying to block it with an OpenBSD firewall.
>>
>
> Yes :-)
>
>>Analyze the
>> protocol, you can probably stop it with a transparent proxy that disallows
>> CONNECT requests.
>>
>
> Could you please explain?
>
>> Or, http://lmgtfy.com/?q=teamviewer+block&l=1
>>
>
> The first thing I did :-)
>
> thanks
>
> --Siju
>
>



-- 
sonjaya
http://www.sharenupload.com
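
The access.log review described in the message above can be scripted. This is an added example, not part of any poster's message: it scans Squid native-format log lines for the teamviewer.com and dyngate.com domains and port 5938 named in this thread and groups hits by client. The sample log lines, client addresses and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains and port named in this thread; extend from your own access.log.
WATCH_SUFFIXES = ("teamviewer.com", "dyngate.com")
WATCH_PORTS = {5938}

# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1269619560.101    212 192.168.64.20 TCP_MISS/200 431 GET http://ping3.dyngate.com/ - DIRECT/85.25.143.69 text/html
1269619561.310   1502 192.168.64.20 TCP_MISS/200 3120 CONNECT master4.teamviewer.com:443 - DIRECT/87.230.73.23 -
1269619570.005      0 192.168.64.31 TCP_DENIED/403 1380 CONNECT 124.217.230.174:5938 - NONE/- text/html
1269619575.440     95 192.168.64.31 TCP_MISS/200 9001 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1269619580.000     10 192.168.64.31 TCP_MISS/200 700 GET http://teamviewer.com.example.net/ - DIRECT/192.0.2.11 text/html
garbage line
"""

def target_of(method, url):
    """Return (host, port); Squid logs CONNECT targets as host:port."""
    if method == "CONNECT":
        host, sep, port = url.rpartition(":")
        if not sep:
            return url.lower(), None
        return host.lower(), int(port) if port.isdigit() else None
    try:
        parts = urlsplit(url)
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
        return (parts.hostname or "").lower(), port
    except ValueError:  # malformed URL or port in the log line
        return "", None

def is_watched(host, port):
    # Match the domain itself or a true subdomain, not a lookalike prefix.
    by_name = any(host == s or host.endswith("." + s) for s in WATCH_SUFFIXES)
    return by_name or port in WATCH_PORTS

def scan(lines):
    """Map client IP -> list of (host, port, squid_result) for watched hits."""
    hits = defaultdict(list)
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue  # skip truncated or non-native lines
        client, result, method, url = f[2], f[3], f[5], f[6]
        host, port = target_of(method, url)
        if is_watched(host, port):
            hits[client].append((host, port, result))
    return dict(hits)

if __name__ == "__main__":
    for client, rows in scan(SAMPLE_LOG.splitlines()).items():
        print(client, rows)
```

The third sample line is caught by port alone, which matters when the client connects to a bare IP address instead of a hostname.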



Re: Blocking Teamviewer

2010-03-19 Thread Siju George
On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley 
> Presumably you're trying to block it with an OpenBSD firewall.
>

Yes :-)

>Analyze the
> protocol, you can probably stop it with a transparent proxy that disallows
> CONNECT requests.
>

Could you please explain?

> Or, http://lmgtfy.com/?q=teamviewer+block&l=1
>

The first thing I did :-)

thanks

--Siju



Re: Blocking Teamviewer

2010-03-19 Thread Steve Shockley

On 3/19/2010 12:30 PM, Siju George wrote:
> How Do you block this trojan ;-)
>
> http://www.teamviewer.com/solutions/remoteaccess.aspx


Presumably you're trying to block it with an OpenBSD firewall.  Analyze 
the protocol, you can probably stop it with a transparent proxy that 
disallows CONNECT requests.


Or, http://lmgtfy.com/?q=teamviewer+block&l=1



Blocking Teamviewer

2010-03-19 Thread Siju George
Hi,

How Do you block this trojan ;-)

http://www.teamviewer.com/solutions/remoteaccess.aspx

Thanks

--Siju