I would really want that feature, too.
We are managing some of our clients with Teamviewer and it would be great if we could block Teamviewer when not in use.
It's not a simple matter of blocking ports.
Teamviewer uses port 80 / 443 tcp as well as a proprietory port (5938 tcp) that can be used to establish a connection from client to TS-keepalive server or direct peer-to-peer connections (if this port is forwarded to the client). Behind a non-transparent proxy you have to set teamviewer up to use the proxy, of course.
What we would need is a means to let the web-proxy inspect and distiguish the teamviewer traffic from "normal" websurfing.
I belive that this would be usefull for filtering quite a number of other applications as well that can be "tunneled" through port 80.
Hi, I must be missing something in my use of teamviewer, it requires the user to permit access to their PC, if the source url is blocked then the connection cannot be established.
you can set up TV not to ask the user for permission.
But either way I wouldn't know how to block incoming connections as they are established in a "skype-ish" manner, as far as I know. I think the central TV-servers act as some kind of mediation servers. There is, however, the possibility to establish direct peer-to-peer connections which would require a port-forwarding and is hardly suitable for situations with more than one managed client behind a single firewall.
At least that's my understanding.
Frankly, teamviewer is not very talkative on how they do things. I couldn't find a detailed description anywhere on the net and their support was rather secretive too.
Well, let's face it, WE are kind of the enemy as Teamviewer claims to work behind 90% of all firewalls that allow access to any->80tcp/443tcp with or without proxy.
On the other hand: That's what Skype told, too and ASG got them :-)
Astaro blocks Skype and other IM/P2P applications based on the same engine that does Intrusion Protection. If one of the existing IM/P2P blocks won't stop TeamViewer, then I don't think there's an Astaro solution until Astaro brings back the ability to add additional rules to IPS.
I think this is a VERY serious threat that needs attention.
Our customers are paying a lot of money and effort on preventing users from stealing information. However, right now, all the user has to do is start a program like teamviewer (which doesn't even need administrator-rights on Windows) and let someone on the outside in. And astaro can do nothing to prevent this
So far I have found no way to control Teamviewer.
If someone else has, please let me know.
Transparent proxy:
In web sec:
1. turn on httpS scan (don't forget - instal certificate via MMC)
2. and block categories: Remote Access, Information Security, Anonymizers, Anonymizing Utilities
check PF rules-
1.closed ports 5938
and
2. rules for terminal app (vnc, rdp.. etc) - disable. CLOSE ports
