8 Replies Latest reply on May 9, 2014 1:41 PM by mhackett71

    "Block TeamViewer access"

      Hi.

       

      Does somebody have experiance with TeamViewer and MWG 7.0.

      my question is i want to prevent local users using such tool without creating a AD policy for it.

       

      Cheers.

       

       

      --Said

        • 1. Re: "Block TeamViewer access"
          michael_schneider

          I haven't tested this, but one approach that seemed to have worked in blocking access to URLs that match server?.teamviewer.com/*, server??.teamviewer.com/*, server???.teamviewer.com/*, server????.teamviewer.com/* and *.dynagate.com/*

           

          Alternatively, you also might want to block access to the following IPs, in case Teamviewer is making direct requests to IPs rather than their hostnames. The following was derived from a PHP script that does DNS Lookups for TeamViewer servers, so it represents only the ones for current servers, whereas there might be more in the future:

           

          87.230.88.230, 87.230.88.215, 87.230.31.96, 87.230.30.220, 87.230.28.179, 87.230.89.165, 87.230.89.199, 87.230.90.185, 87.230.90.195, 87.230.90.28, 87.230.90.68, 87.230.90.85, 80.237.157.95, 87.230.29.60, 87.230.30.168, 87.230.89.57, 80.237.220.185, 88.198.47.245, 88.198.52.23, 70.38.71.102, 70.38.38.104, 70.38.38.205, 70.38.37.232, 178.16.16.120, 178.16.16.123, 178.16.16.124, 178.16.16.125, 178.16.16.126, 178.16.16.147, 178.16.16.148, 178.16.16.149, 178.16.16.150, 178.16.16.151, 87.106.227.193, 87.106.191.62, 87.106.57.100, 87.106.57.26, 87.106.94.240, 62.75.215.172, 62.75.215.179, 62.75.215.12, 217.172.180.120, 217.172.180.126, 217.172.180.127, 217.172.186.70, 85.25.136.77, 62.75.204.29, 62.75.204.26, 85.25.138.198, 62.75.218.27, 62.75.218.37, 85.25.8.89, 62.75.219.137, 85.25.143.170, 85.25.144.186, 85.25.145.115, 85.25.145.118, 85.25.145.152, 85.25.145.184, 85.25.146.86, 85.25.146.81, 85.25.146.173, 85.25.146.182, 85.25.147.164, 85.25.147.163, 85.25.147.110, 85.25.148.164, 85.25.148.229, 85.25.20.162, 85.25.20.147, 85.25.20.143, 62.75.220.79, 85.25.147.56, 85.25.147.123, 85.25.147.92, 85.25.144.115, 85.25.143.69, 85.25.144.204, 217.172.187.56, 85.25.6.41, 85.25.17.192, 85.25.20.198, 62.75.246.73, 62.75.246.130, 62.75.246.150, 62.75.246.153, 85.25.7.110, 85.25.144.143, 85.25.144.184, 85.25.144.238, 85.25.147.95, 62.75.224.173, 62.75.216.96, 62.75.204.64, 62.75.218.135, 62.75.218.122, 85.25.11.23, 202.71.106.121, 124.217.254.51, 124.217.230.168, 124.217.230.170, 124.217.230.174, 124.217.230.61, 180.189.153.130, 180.189.153.254, 180.189.153.238, 188.120.245.134, 188.120.245.54, 188.120.246.231, 188.120.245.139, 95.168.195.17, 92.55.144.163, 193.105.239.162, 193.105.239.167, 193.105.239.172, 193.33.114.233, 193.33.114.231, 193.33.114.232, 193.33.114.239, 193.33.115.23, 193.33.115.24, 193.33.115.32, 193.33.115.33, 193.33.115.35, 193.33.115.36, 209.160.65.70, 85.214.125.63, 81.169.129.118, 81.169.130.41, 81.169.179.174, 85.214.101.5, 85.214.116.83, 85.214.128.214, 85.214.129.237, 85.214.130.111, 85.214.132.184, 85.214.132.189, 85.214.132.241, 85.214.142.107, 85.214.40.132, 85.214.44.93, 85.214.58.253, 85.214.70.157, 85.214.82.143, 85.214.90.202, 85.214.93.56, 85.214.66.183, 85.214.19.216, 81.169.178.222, 81.169.186.58, 85.214.151.174, 85.214.151.176, 85.214.151.175, 85.214.90.192, 81.169.168.53, 85.214.154.223, 85.214.154.224, 85.214.17.204, 85.214.118.112, 85.214.130.3, 85.214.124.143, 85.214.138.185, 85.214.38.101, 85.214.42.177, 85.214.46.199, 85.214.142.11, 85.214.142.10, 85.214.141.246, 81.169.162.80, 81.169.142.213, 85.214.69.47, 85.214.66.74, 85.214.66.195, 85.214.120.118, 85.214.130.209, 85.214.78.52, 202.215.179.115, 202.215.179.116, 163.43.132.35, 163.43.132.36, 163.43.132.37, 163.43.132.38, 163.43.132.39, 69.64.76.102, 69.64.76.47, 69.64.74.104, 85.17.136.68, 85.17.136.97, 85.17.136.103, 85.17.87.146, 82.192.88.16, 95.211.6.137, 95.211.0.165, 95.211.6.8, 95.211.8.130, 196.46.189.162, 87.117.196.56, 78.129.159.162, 78.129.221.14, 189.1.164.112, 212.34.151.210, 212.34.151.191, 212.34.151.211, 212.34.151.196, 212.34.151.197, 82.102.30.166, 82.102.30.159, 82.102.30.161, 82.102.30.163, 91.121.112.194, 91.121.27.94, 91.121.4.185, 91.121.117.40, 91.121.21.25, 91.121.66.199, 91.121.94.131, 94.23.30.28, 91.121.176.62, 91.121.168.135, 94.23.47.172, 91.121.159.24, 91.121.90.53, 94.23.14.193, 94.23.14.201, 91.121.168.122, 94.23.209.122, 91.121.159.45, 91.121.160.140, 94.23.211.125, 94.23.204.77, 94.23.234.190, 94.23.234.192, 91.121.220.14, 91.121.161.117, 91.121.155.190, 188.165.201.126, 188.165.201.130, 91.121.160.163, 91.121.164.120, 91.121.164.219, 91.121.165.132, 151.1.182.135, 151.1.182.148, 151.1.182.151, 118.127.28.90, 77.223.130.60, 77.223.130.61, 77.223.130.62, 77.223.130.63, 77.223.130.64, 77.223.130.65, 77.223.130.66, 77.223.130.67, 77.223.130.68, 77.223.130.69, 93.189.33.203, 93.189.33.87, 93.189.33.76, 93.189.33.205, 93.189.33.3, 93.189.33.16, 208.116.2.90, 65.98.124.154, 69.72.225.186, 65.98.84.202, 65.98.68.66, 208.116.61.130, 208.116.61.66, 65.98.30.242, 69.72.221.50, 69.57.189.234, 193.218.154.172, 193.218.153.83, 91.199.22.122, 91.123.196.194, 91.123.196.206, 69.72.184.146, 69.72.184.138, 69.72.184.130, 69.72.184.122, 69.72.184.114, 69.72.184.106, 69.72.184.98, 69.72.184.90, 69.72.184.82, 69.72.184.74, 64.235.44.58, 64.235.55.114, 216.108.224.220, 216.108.224.222, 216.108.224.216, 216.108.224.214, 216.108.224.212, 216.108.224.208, 216.108.224.210, 216.108.224.206, 216.108.224.204, 216.108.224.202, 212.235.54.198, 209.239.112.116, 209.239.112.125, 209.239.112.126, 209.239.112.132, 209.239.112.194, 209.239.112.193, 209.239.112.199, 209.239.112.181, 209.239.112.160, 209.239.112.165, 69.64.38.54, 69.64.39.3, 209.239.112.124, 69.64.43.60, 69.64.48.243, 69.64.39.66, 69.64.63.138, 69.64.63.143, 209.239.112.17, 209.239.112.93, 209.239.112.122, 209.239.112.131, 69.64.52.200, 69.64.52.202, 209.239.112.113, 69.64.52.201, 69.64.46.110, 69.64.43.19, 209.239.112.140, 121.242.207.29, 111.118.177.66, 111.118.177.70, 204.45.72.130

           

          In essence, a rule like

          URL.HOST matches in list TeamViewerServer (server?.teamviewer.com/*, server??.teamviewer.com/*, server???.teamviewer.com/*,server????.teamviewer.com/*, *.dynagate.com/*) OR URL.HOST is in list TeamVieverIPs ('all of the above') BLOCK.

           

          good luck,

          Michael

          • 2. Re: "Block TeamViewer access"

            Hi Michael,

             

            i really appreciate your answer. very clear without a doubt.

             

            after i have test this scenario ill put some feedback in here

             

            Cheers,

             

             

            -- Said

             

            Message was edited by: doubstar on 11/16/11 5:39:04 AM CST
            • 3. Re: "Block TeamViewer access"

              actually, we found that if you are using the web gateways SSL scanner, the teamv9iewe rtraffic will get blocked/fail automatically. reason is that team viewer is trying to send their own protocol inside the SSL tunnel and as soon as web gateway looks inside, it will block it ;-)

              • 4. Re: "Block TeamViewer access"
                fschulte

                Yes, that makes sense. TeamViewer correctly detects MWG as "Man in the Middle" due to the certificate change and closes the connection.

                • 5. Re: "Block TeamViewer access"
                  michael_schneider

                  which is generically true for all proprietary encrypted traffic. Proprietary means that key are hardcoded and can't be intercepted. SSL Scanner will block then, as it simply can't exchange keys with the counter part on the server side.

                  There are other threads in the forum and the blog discussing, e.g. Skype.

                  Michael

                  • 6. Re: "Block TeamViewer access"
                    wajeeh_r

                    Dear Sir,

                     

                    Can you help for this case ? I need to block this application so that no one would be able to connect to his computer from outside

                    • 7. Re: "Block TeamViewer access"
                      wemerson.vieira

                      Good morning,

                      Looking better understand the situation I found this link that was of great value.

                      http://blog.accuvant.com/bthomasaccuvant/teamviewer-authentication-protocol-part -1-of-3/

                      In it a study of the reverse engineering team viewer was performed and explained a lot to me.

                      After seeing him and try to find a way to block I concluded that blocking url's 16 Team Viewer would not connect anymore.

                       

                      master1.teamviewer.com

                      master2.teamviewer.com

                      master3.teamviewer.com

                      master4.teamviewer.com

                      master5.teamviewer.com

                      master6.teamviewer.com

                      master7.teamviewer.com

                      master8.teamviewer.com

                      master9.teamviewer.com

                      master10.teamviewer.com

                      master11.teamviewer.com

                      master12.teamviewer.com

                      master13.teamviewer.com

                      master14.teamviewer.com

                      master15.teamviewer.com

                      master16.teamviewer.com

                       

                      Team Viewer demand any connections, if you have any outlet that reaches the destination he had used.

                      MWG also causes the block with the "Remote Access" category

                       

                       

                      Hope that helps

                      • 8. Re: "Block TeamViewer access"
                        mhackett71

                        We block that site per Categorization :

                        Categorized URL- Remote Access

                         

                         

                        Default Cat Blocklist

                        URL.Categories <default> at least one in list <Default Catgory Blocklist>(Category)

                         

                        That way you block teamviewer but also other intimate portals that the endusers may find,, DynDns type sites also,,