cancel
Showing results for 
Search instead for 
Did you mean: 
doubstar
Level 8

"Block TeamViewer access"

Hi.

Does somebody have experiance with TeamViewer and MWG 7.0.

my question is i want to prevent local users using such tool without creating a AD policy for it.

Cheers.

--Said

0 Kudos
8 Replies
McAfee Employee

Re: "Block TeamViewer access"

I haven't tested this, but one approach that seemed to have worked in blocking access to URLs that match server?.teamviewer.com/*, server??.teamviewer.com/*, server???.teamviewer.com/*, server????.teamviewer.com/* and *.dynagate.com/*

Alternatively, you also might want to block access to the following IPs, in case Teamviewer is making direct requests to IPs rather than their hostnames. The following was derived from a PHP script that does DNS Lookups for TeamViewer servers, so it represents only the ones for current servers, whereas there might be more in the future:

87.230.88.230, 87.230.88.215, 87.230.31.96, 87.230.30.220, 87.230.28.179, 87.230.89.165, 87.230.89.199, 87.230.90.185, 87.230.90.195, 87.230.90.28, 87.230.90.68, 87.230.90.85, 80.237.157.95, 87.230.29.60, 87.230.30.168, 87.230.89.57, 80.237.220.185, 88.198.47.245, 88.198.52.23, 70.38.71.102, 70.38.38.104, 70.38.38.205, 70.38.37.232, 178.16.16.120, 178.16.16.123, 178.16.16.124, 178.16.16.125, 178.16.16.126, 178.16.16.147, 178.16.16.148, 178.16.16.149, 178.16.16.150, 178.16.16.151, 87.106.227.193, 87.106.191.62, 87.106.57.100, 87.106.57.26, 87.106.94.240, 62.75.215.172, 62.75.215.179, 62.75.215.12, 217.172.180.120, 217.172.180.126, 217.172.180.127, 217.172.186.70, 85.25.136.77, 62.75.204.29, 62.75.204.26, 85.25.138.198, 62.75.218.27, 62.75.218.37, 85.25.8.89, 62.75.219.137, 85.25.143.170, 85.25.144.186, 85.25.145.115, 85.25.145.118, 85.25.145.152, 85.25.145.184, 85.25.146.86, 85.25.146.81, 85.25.146.173, 85.25.146.182, 85.25.147.164, 85.25.147.163, 85.25.147.110, 85.25.148.164, 85.25.148.229, 85.25.20.162, 85.25.20.147, 85.25.20.143, 62.75.220.79, 85.25.147.56, 85.25.147.123, 85.25.147.92, 85.25.144.115, 85.25.143.69, 85.25.144.204, 217.172.187.56, 85.25.6.41, 85.25.17.192, 85.25.20.198, 62.75.246.73, 62.75.246.130, 62.75.246.150, 62.75.246.153, 85.25.7.110, 85.25.144.143, 85.25.144.184, 85.25.144.238, 85.25.147.95, 62.75.224.173, 62.75.216.96, 62.75.204.64, 62.75.218.135, 62.75.218.122, 85.25.11.23, 202.71.106.121, 124.217.254.51, 124.217.230.168, 124.217.230.170, 124.217.230.174, 124.217.230.61, 180.189.153.130, 180.189.153.254, 180.189.153.238, 188.120.245.134, 188.120.245.54, 188.120.246.231, 188.120.245.139, 95.168.195.17, 92.55.144.163, 193.105.239.162, 193.105.239.167, 193.105.239.172, 193.33.114.233, 193.33.114.231, 193.33.114.232, 193.33.114.239, 193.33.115.23, 193.33.115.24, 193.33.115.32, 193.33.115.33, 193.33.115.35, 193.33.115.36, 209.160.65.70, 85.214.125.63, 81.169.129.118, 81.169.130.41, 81.169.179.174, 85.214.101.5, 85.214.116.83, 85.214.128.214, 85.214.129.237, 85.214.130.111, 85.214.132.184, 85.214.132.189, 85.214.132.241, 85.214.142.107, 85.214.40.132, 85.214.44.93, 85.214.58.253, 85.214.70.157, 85.214.82.143, 85.214.90.202, 85.214.93.56, 85.214.66.183, 85.214.19.216, 81.169.178.222, 81.169.186.58, 85.214.151.174, 85.214.151.176, 85.214.151.175, 85.214.90.192, 81.169.168.53, 85.214.154.223, 85.214.154.224, 85.214.17.204, 85.214.118.112, 85.214.130.3, 85.214.124.143, 85.214.138.185, 85.214.38.101, 85.214.42.177, 85.214.46.199, 85.214.142.11, 85.214.142.10, 85.214.141.246, 81.169.162.80, 81.169.142.213, 85.214.69.47, 85.214.66.74, 85.214.66.195, 85.214.120.118, 85.214.130.209, 85.214.78.52, 202.215.179.115, 202.215.179.116, 163.43.132.35, 163.43.132.36, 163.43.132.37, 163.43.132.38, 163.43.132.39, 69.64.76.102, 69.64.76.47, 69.64.74.104, 85.17.136.68, 85.17.136.97, 85.17.136.103, 85.17.87.146, 82.192.88.16, 95.211.6.137, 95.211.0.165, 95.211.6.8, 95.211.8.130, 196.46.189.162, 87.117.196.56, 78.129.159.162, 78.129.221.14, 189.1.164.112, 212.34.151.210, 212.34.151.191, 212.34.151.211, 212.34.151.196, 212.34.151.197, 82.102.30.166, 82.102.30.159, 82.102.30.161, 82.102.30.163, 91.121.112.194, 91.121.27.94, 91.121.4.185, 91.121.117.40, 91.121.21.25, 91.121.66.199, 91.121.94.131, 94.23.30.28, 91.121.176.62, 91.121.168.135, 94.23.47.172, 91.121.159.24, 91.121.90.53, 94.23.14.193, 94.23.14.201, 91.121.168.122, 94.23.209.122, 91.121.159.45, 91.121.160.140, 94.23.211.125, 94.23.204.77, 94.23.234.190, 94.23.234.192, 91.121.220.14, 91.121.161.117, 91.121.155.190, 188.165.201.126, 188.165.201.130, 91.121.160.163, 91.121.164.120, 91.121.164.219, 91.121.165.132, 151.1.182.135, 151.1.182.148, 151.1.182.151, 118.127.28.90, 77.223.130.60, 77.223.130.61, 77.223.130.62, 77.223.130.63, 77.223.130.64, 77.223.130.65, 77.223.130.66, 77.223.130.67, 77.223.130.68, 77.223.130.69, 93.189.33.203, 93.189.33.87, 93.189.33.76, 93.189.33.205, 93.189.33.3, 93.189.33.16, 208.116.2.90, 65.98.124.154, 69.72.225.186, 65.98.84.202, 65.98.68.66, 208.116.61.130, 208.116.61.66, 65.98.30.242, 69.72.221.50, 69.57.189.234, 193.218.154.172, 193.218.153.83, 91.199.22.122, 91.123.196.194, 91.123.196.206, 69.72.184.146, 69.72.184.138, 69.72.184.130, 69.72.184.122, 69.72.184.114, 69.72.184.106, 69.72.184.98, 69.72.184.90, 69.72.184.82, 69.72.184.74, 64.235.44.58, 64.235.55.114, 216.108.224.220, 216.108.224.222, 216.108.224.216, 216.108.224.214, 216.108.224.212, 216.108.224.208, 216.108.224.210, 216.108.224.206, 216.108.224.204, 216.108.224.202, 212.235.54.198, 209.239.112.116, 209.239.112.125, 209.239.112.126, 209.239.112.132, 209.239.112.194, 209.239.112.193, 209.239.112.199, 209.239.112.181, 209.239.112.160, 209.239.112.165, 69.64.38.54, 69.64.39.3, 209.239.112.124, 69.64.43.60, 69.64.48.243, 69.64.39.66, 69.64.63.138, 69.64.63.143, 209.239.112.17, 209.239.112.93, 209.239.112.122, 209.239.112.131, 69.64.52.200, 69.64.52.202, 209.239.112.113, 69.64.52.201, 69.64.46.110, 69.64.43.19, 209.239.112.140, 121.242.207.29, 111.118.177.66, 111.118.177.70, 204.45.72.130

In essence, a rule like

URL.HOST matches in list TeamViewerServer (server?.teamviewer.com/*, server??.teamviewer.com/*, server???.teamviewer.com/*,server????.teamviewer.com/*, *.dynagate.com/*) OR URL.HOST is in list TeamVieverIPs ('all of the above') BLOCK.

good luck,

Michael

0 Kudos
doubstar
Level 8

Re: "Block TeamViewer access"

Hi Michael,

i really appreciate your answer. very clear without a doubt.

after i have test this scenario ill put some feedback in here

Cheers,

-- Said

Message was edited by: doubstar on 11/16/11 5:39:04 AM CST
0 Kudos
schecka
Level 9

Re: "Block TeamViewer access"

actually, we found that if you are using the web gateways SSL scanner, the teamv9iewe rtraffic will get blocked/fail automatically. reason is that team viewer is trying to send their own protocol inside the SSL tunnel and as soon as web gateway looks inside, it will block it ;-)

0 Kudos
fschulte
Level 10

Re: "Block TeamViewer access"

Yes, that makes sense. TeamViewer correctly detects MWG as "Man in the Middle" due to the certificate change and closes the connection.

0 Kudos
McAfee Employee

Re: "Block TeamViewer access"

which is generically true for all proprietary encrypted traffic. Proprietary means that key are hardcoded and can't be intercepted. SSL Scanner will block then, as it simply can't exchange keys with the counter part on the server side.

There are other threads in the forum and the blog discussing, e.g. Skype.

Michael

0 Kudos
wajeeh_r
Level 9

Re: "Block TeamViewer access"

Dear Sir,

Can you help for this case ? I need to block this application so that no one would be able to connect to his computer from outside

0 Kudos

Re: "Block TeamViewer access"

Good morning,

Looking better understand the situation I found this link that was of great value.

http://blog.accuvant.com/bthomasaccuvant/teamviewer-authentication-protocol-part-1-of-3/

In it a study of the reverse engineering team viewer was performed and explained a lot to me.

After seeing him and try to find a way to block I concluded that blocking url's 16 Team Viewer would not connect anymore.

master1.teamviewer.com

master2.teamviewer.com

master3.teamviewer.com

master4.teamviewer.com

master5.teamviewer.com

master6.teamviewer.com

master7.teamviewer.com

master8.teamviewer.com

master9.teamviewer.com

master10.teamviewer.com

master11.teamviewer.com

master12.teamviewer.com

master13.teamviewer.com

master14.teamviewer.com

master15.teamviewer.com

master16.teamviewer.com

Team Viewer demand any connections, if you have any outlet that reaches the destination he had used.

MWG also causes the block with the "Remote Access" category

Hope that helps

0 Kudos
mhackett71
Level 7

Re: "Block TeamViewer access"

We block that site per Categorization :

Categorized URL- Remote Access

Default Cat Blocklist

URL.Categories <default> at least one in list <Default Catgory Blocklist>(Category)

That way you block teamviewer but also other intimate portals that the endusers may find,, DynDns type sites also,,

0 Kudos