Community discussions

 
machmouche
just joined
Topic Author
Posts: 2
Joined: Thu Jul 10, 2008 9:27 am

Block Teamviewer

Wed Jan 06, 2010 11:28 am

Hi,
Anyone can help me to create a firewall rule to Block Teamviewer ??

Teamviewer works on port 80 to work both ways. (port 5938 is used to speed it up)

i noticed also that in every request there is a unique part in the path if this may help:
&client=DynGate&p=
and
/din.aspx ?s=
And the user agent is DynGate.
EXP: " - - - PROXIED "unavailable" - 200 TCP_NC_MISS GET application/octet-stream http xxx.xxx.xxx.xxx 80 /din.aspx ?s=10012112&id=47758753&client=DynGate&p=10000011 aspx "Mozilla/4.0 (compatible; MSIE 6.0; DynGate)" xxx.xxx.xxx.xxx 199 234 -"

Thank you in advance.
 
User avatar
DannyZ
Member Candidate
Member Candidate
Posts: 230
Joined: Mon Sep 07, 2009 2:21 pm
Location: Latvia

Re: Block Teamviewer

Wed Jan 06, 2010 1:32 pm

how about blocking traffic from master.dyngate.com (87.230.73.23) ?
 
maksimw
just joined
Posts: 1
Joined: Wed Oct 20, 2010 11:41 am

Re: Block Teamviewer

Wed Oct 20, 2010 11:49 am

;;; TeamView Blok
chain=forward dst-address=87.230.0.0/16
action=drop
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24190
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Block Teamviewer

Thu Oct 21, 2010 9:29 am

why would you want to block this program? just curious
No answer to your question? How to write posts
 
dsevillanos
just joined
Posts: 2
Joined: Tue May 11, 2010 7:54 pm

Re: Block Teamviewer

Wed Mar 02, 2011 6:00 pm

I am also interested in blocking Teamviewer.

someone will have some idea or solution.
 
gcassiano
just joined
Posts: 1
Joined: Fri Mar 11, 2011 6:00 pm

Re: Block Teamviewer

Fri Mar 11, 2011 6:07 pm

Normis, this block is necessary if an employee wishes to conduct unauthorized remote access to your PC or other PC LAN.
Also need to accomplish this block here.


Gutemberg Cassiano
MegaLink Internet
www.megacampina.com.br
Paraíba-Brasil
 
ciphercore
Member Candidate
Member Candidate
Posts: 155
Joined: Fri Jan 29, 2010 5:48 pm

Re: Block Teamviewer

Fri Mar 11, 2011 6:22 pm

If the users are part of a domain, you could block via group policy.

http://webcache.googleusercontent.com/s ... google.com
 
User avatar
dreamrider
newbie
Posts: 26
Joined: Mon Mar 30, 2009 11:13 pm

Re: Block Teamviewer

Wed Jul 06, 2011 5:25 pm

I blocked ports 5938 & 443 and now Teamviewer use port 80... I hate progs, witch are impossible block via RouterOS.
 
djmuk
newbie
Posts: 48
Joined: Mon Jan 18, 2010 8:48 pm

Re: Block Teamviewer

Wed Jul 06, 2011 9:23 pm

If it is against company policy then you don't want to block it - you want to log it, present it to HR and discipline the culprit.

a couple of high profile roastings or even dismissals for a 2nd offence will solve the problem...

Trying to enforce policy through blocking or other technical means is a losing battle without support from management/HR as it just becomes a game of cat & mouse.

After all if the policy is 'no personal phone calls' then you don't try and block all the phone numbers that staff might call, you manage the breaches with the support of management.

If you are in a domain environment or have other central management tool then setting a 30 minute idle sleep/hibernate would solve the problem (and save power!)

David
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Block Teamviewer

Wed Jul 06, 2011 10:33 pm

If it is against company policy then you don't want to block it - you want to log it, present it to HR and discipline the culprit.

a couple of high profile roastings or even dismissals for a 2nd offence will solve the problem...

Trying to enforce policy through blocking or other technical means is a losing battle without support from management/HR as it just becomes a game of cat & mouse.

After all if the policy is 'no personal phone calls' then you don't try and block all the phone numbers that staff might call, you manage the breaches with the support of management.

If you are in a domain environment or have other central management tool then setting a 30 minute idle sleep/hibernate would solve the problem (and save power!)

David

This, a thousand times. Don't try to solve social problems with technology tools.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
pchott
newbie
Posts: 39
Joined: Tue Apr 29, 2014 11:15 am
Location: Holzkirchen, Germany

Re: Block Teamviewer

Wed Jan 28, 2015 11:31 am

How about trying with Layer 7?
 
keema
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Thu Nov 06, 2014 12:54 pm

Re: Block Teamviewer

Wed Jan 28, 2015 1:31 pm

Normis, this block is necessary if an employee wishes to conduct unauthorized remote access to your PC or other PC LAN.
Also need to accomplish this block here.


Gutemberg Cassiano
MegaLink Internet
http://www.megacampina.com.br
Paraíba-Brasil
Yes, same problems here.
 
keema
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Thu Nov 06, 2014 12:54 pm

Re: Block Teamviewer

Wed Jan 28, 2015 1:32 pm

If it is against company policy then you don't want to block it - you want to log it, present it to HR and discipline the culprit.

a couple of high profile roastings or even dismissals for a 2nd offence will solve the problem...
I disagree. It's much cheaper to block unwanted data from getting into the wrong hands (company secrets) then to dismiss a thieving employee.
 
ronix
Member Candidate
Member Candidate
Posts: 152
Joined: Thu Nov 17, 2011 6:51 pm

Re: Block Teamviewer

Wed Jan 28, 2015 7:42 pm

maybe this will help

ros code

/ip firewall layer7-protocol
add name=teamviewer regexp="^(post|get) /d(out|in).aspx\?.*client=dyngate"
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: Block Teamviewer

Wed Jan 28, 2015 8:33 pm

maybe this will help

ros code

/ip firewall layer7-protocol
add name=teamviewer regexp="^(post|get) /d(out|in).aspx\?.*client=dyngate"

not workin...
This software using HTTPS protocols so i think you're unable to block it :D
 
loveman
Member
Member
Posts: 323
Joined: Tue Mar 10, 2015 9:32 pm

Re: Block Teamviewer

Thu Sep 24, 2015 4:12 pm

sorry I don't Now
but I need to block viber and Whatsapp ,, if any one have idea plz help me
Thank you
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Thu Sep 24, 2015 5:52 pm

Teamviewer uses few connection servers resolved via dns. Try to fool it with static dns records leading to localhost.
 
User avatar
cyon
newbie
Posts: 31
Joined: Tue Apr 29, 2014 12:58 pm

Re: Block Teamviewer

Fri Jun 21, 2019 4:08 pm

Did anyone get this right? I want to mark the packages for QoS.
 I love Mikrotik!
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Block Teamviewer

Fri Jun 21, 2019 8:05 pm

I would love to be able to block TeamViewer - but my situation is a little different. In my case, I am the TeamViewer user, but I want to be able to block TeamViewer unless I specifically allow it at the time - for example with a port knock to the router. For example, the computer at home can't normally see the TeamViewer system, therefore as far as TeamViewer is concerned, that computer is off-line. From a remote location, I send a port knock sequence to the router which removes the block. The computer at home is able to communicate with the TeamViewer system, and it goes "available". I can then remotely access the computer via TeamViewer.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
User avatar
cyon
newbie
Posts: 31
Joined: Tue Apr 29, 2014 12:58 pm

Re: Block Teamviewer

Mon Jun 24, 2019 10:57 am

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24
 I love Mikrotik!
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Block Teamviewer

Mon Jun 24, 2019 6:02 pm

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24
To test that, I created a passthrough firewall rule as a counter as the first rule in my forward chain. Any traffic to 188.172.217.0/24 should show up in the counter. There are two computers inside my firewall that are live on TeamViewer, so I should be counting. Zero packets after about a half hour. Sounds like TeamViewer uses multiple addresses.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
pe1chl
Forum Guru
Forum Guru
Posts: 5809
Joined: Mon Jun 08, 2015 12:09 pm

Re: Block Teamviewer

Mon Jun 24, 2019 8:17 pm

It depends on where you placed your rule and what you did to test it.
Normally, a computer with Teamviewer installed and operating in host mode will make a connection to teamviewer only once after startup, and keep that open.
So a standard forward allow rule placed after the established/related rule will not count it, unless you reboot the computer or at least stop and start teamviewer.
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Block Teamviewer

Mon Jun 24, 2019 8:34 pm

The very first rule in the Forward chain. Made it about as simple as I could:
add action=passthrough chain=forward comment=\
    "Counter for outbound to 188.172.217.0/24 - test for Teamviewer" \
    connection-state="" dst-address=188.172.217.0/24

No connections listed to 188.172.217.xxx either.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
pe1chl
Forum Guru
Forum Guru
Posts: 5809
Joined: Mon Jun 08, 2015 12:09 pm

Re: Block Teamviewer

Mon Jun 24, 2019 10:20 pm

You will have to do further research.
Check e.g. using Wireshark what DNS lookups the program does on startup.
Then you could create an address list with that DNS name.
As usual, this requires that the PC does its DNS lookups via the router too.
Even then you would need to mark connections as the result of the DNS lookup can change over time.
 
User avatar
cyon
newbie
Posts: 31
Joined: Tue Apr 29, 2014 12:58 pm

Re: Block Teamviewer

Tue Jun 25, 2019 12:43 pm

Think as we are not the same country.


I do more work on it
 I love Mikrotik!

Who is online

Users browsing this forum: MSN [Bot] and 24 guests