Block Teamviewer

RouterOS General
1

Hi,
Anyone can help me to create a firewall rule to Block Teamviewer ??

Teamviewer works on port 80 to work both ways. (port 5938 is used to speed it up)

i noticed also that in every request there is a unique part in the path if this may help:
&client=DynGate&p=
and
/din.aspx ?s=
And the user agent is DynGate.
EXP: " - - - PROXIED “unavailable” - 200 TCP_NC_MISS GET application/octet-stream http xxx.xxx.xxx.xxx 80 /din.aspx ?s=10012112&id=47758753&client=DynGate&p=10000011 aspx “Mozilla/4.0 (compatible; MSIE 6.0; DynGate)” xxx.xxx.xxx.xxx 199 234 -"

Thank you in advance.

2

how about blocking traffic from master.dyngate.com (87.230.73.23) ?

3

;;; TeamView Blok
chain=forward dst-address=87.230.0.0/16
action=drop

4

why would you want to block this program? just curious

5

I am also interested in blocking Teamviewer.

someone will have some idea or solution.

6

Normis, this block is necessary if an employee wishes to conduct unauthorized remote access to your PC or other PC LAN.
Also need to accomplish this block here.


Gutemberg Cassiano
MegaLink Internet
www.megacampina.com.br
Paraíba-Brasil

7

If the users are part of a domain, you could block via group policy.

http://webcache.googleusercontent.com/search?q=cache:8f77FP96-a0J:pages.videojug.com/pages/718-Blocking-TeamViewer-using-Group-Policy-+blocking+teamviewer&cd=2&hl=en&ct=clnk&source=www.google.com

8

I blocked ports 5938 & 443 and now Teamviewer use port 80… I hate progs, witch are impossible block via RouterOS.

9

If it is against company policy then you don’t want to block it - you want to log it, present it to HR and discipline the culprit.

a couple of high profile roastings or even dismissals for a 2nd offence will solve the problem…

Trying to enforce policy through blocking or other technical means is a losing battle without support from management/HR as it just becomes a game of cat & mouse.

After all if the policy is ‘no personal phone calls’ then you don’t try and block all the phone numbers that staff might call, you manage the breaches with the support of management.

If you are in a domain environment or have other central management tool then setting a 30 minute idle sleep/hibernate would solve the problem (and save power!)

David

10

This, a thousand times. Don’t try to solve social problems with technology tools.

11

How about trying with Layer 7?

12

Yes, same problems here.

13

I disagree. It’s much cheaper to block unwanted data from getting into the wrong hands (company secrets) then to dismiss a thieving employee.

14

maybe this will help
/ip firewall layer7-protocol
add name=teamviewer regexp=“^(post|get) /d(out|in).aspx?.*client=dyngate”

15

not workin…
This software using HTTPS protocols so i think you’re unable to block it :smiley:

16

sorry I don’t Now
but I need to block viber and Whatsapp , if any one have idea plz help me
Thank you

17

Teamviewer uses few connection servers resolved via dns. Try to fool it with static dns records leading to localhost.

18

Did anyone get this right? I want to mark the packages for QoS.

19

I would love to be able to block TeamViewer - but my situation is a little different. In my case, I am the TeamViewer user, but I want to be able to block TeamViewer unless I specifically allow it at the time - for example with a port knock to the router. For example, the computer at home can’t normally see the TeamViewer system, therefore as far as TeamViewer is concerned, that computer is off-line. From a remote location, I send a port knock sequence to the router which removes the block. The computer at home is able to communicate with the TeamViewer system, and it goes “available”. I can then remotely access the computer via TeamViewer.

20

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24