MikroTik

Hi,
Anyone can help me to create a firewall rule to Block Teamviewer ??

Teamviewer works on port 80 to work both ways. (port 5938 is used to speed it up)

i noticed also that in every request there is a unique part in the path if this may help:
&client=DynGate&p=
and
/din.aspx ?s=
And the user agent is DynGate.
EXP: " - - - PROXIED "unavailable" - 200 TCP_NC_MISS GET application/octet-stream http xxx.xxx.xxx.xxx 80 /din.aspx ?s=10012112&id=47758753&client=DynGate&p=10000011 aspx "Mozilla/4.0 (compatible; MSIE 6.0; DynGate)" xxx.xxx.xxx.xxx 199 234 -"

Thank you in advance.

how about blocking traffic from master.dyngate.com (87.230.73.23) ?

;;; TeamView Blok
chain=forward dst-address=87.230.0.0/16
action=drop

why would you want to block this program? just curious

I am also interested in blocking Teamviewer.

someone will have some idea or solution.

Normis, this block is necessary if an employee wishes to conduct unauthorized remote access to your PC or other PC LAN.
Also need to accomplish this block here.


Gutemberg Cassiano
MegaLink Internet
www.megacampina.com.br
Paraíba-Brasil

If the users are part of a domain, you could block via group policy.

http://webcache.googleusercontent.com/s ... google.com

I blocked ports 5938 & 443 and now Teamviewer use port 80... I hate progs, witch are impossible block via RouterOS.

If it is against company policy then you don't want to block it - you want to log it, present it to HR and discipline the culprit.

a couple of high profile roastings or even dismissals for a 2nd offence will solve the problem...

Trying to enforce policy through blocking or other technical means is a losing battle without support from management/HR as it just becomes a game of cat & mouse.

After all if the policy is 'no personal phone calls' then you don't try and block all the phone numbers that staff might call, you manage the breaches with the support of management.

If you are in a domain environment or have other central management tool then setting a 30 minute idle sleep/hibernate would solve the problem (and save power!)

David

If it is against company policy then you don't want to block it - you want to log it, present it to HR and discipline the culprit.

a couple of high profile roastings or even dismissals for a 2nd offence will solve the problem...

Trying to enforce policy through blocking or other technical means is a losing battle without support from management/HR as it just becomes a game of cat & mouse.

After all if the policy is 'no personal phone calls' then you don't try and block all the phone numbers that staff might call, you manage the breaches with the support of management.

If you are in a domain environment or have other central management tool then setting a 30 minute idle sleep/hibernate would solve the problem (and save power!)

David

This, a thousand times. Don't try to solve social problems with technology tools.

How about trying with Layer 7?

Normis, this block is necessary if an employee wishes to conduct unauthorized remote access to your PC or other PC LAN.
Also need to accomplish this block here.


Gutemberg Cassiano
MegaLink Internet
http://www.megacampina.com.br
Paraíba-Brasil

Yes, same problems here.

If it is against company policy then you don't want to block it - you want to log it, present it to HR and discipline the culprit.

a couple of high profile roastings or even dismissals for a 2nd offence will solve the problem...

I disagree. It's much cheaper to block unwanted data from getting into the wrong hands (company secrets) then to dismiss a thieving employee.

maybe this will help

ros code

/ip firewall layer7-protocol
add name=teamviewer regexp="^(post|get) /d(out|in).aspx\?.*client=dyngate"

maybe this will help

ros code

/ip firewall layer7-protocol
add name=teamviewer regexp="^(post|get) /d(out|in).aspx\?.*client=dyngate"

not workin...
This software using HTTPS protocols so i think you're unable to block it

sorry I don't Now
but I need to block viber and Whatsapp ,, if any one have idea plz help me
Thank you

Teamviewer uses few connection servers resolved via dns. Try to fool it with static dns records leading to localhost.

Did anyone get this right? I want to mark the packages for QoS.

I would love to be able to block TeamViewer - but my situation is a little different. In my case, I am the TeamViewer user, but I want to be able to block TeamViewer unless I specifically allow it at the time - for example with a port knock to the router. For example, the computer at home can't normally see the TeamViewer system, therefore as far as TeamViewer is concerned, that computer is off-line. From a remote location, I send a port knock sequence to the router which removes the block. The computer at home is able to communicate with the TeamViewer system, and it goes "available". I can then remotely access the computer via TeamViewer.

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24

To test that, I created a passthrough firewall rule as a counter as the first rule in my forward chain. Any traffic to 188.172.217.0/24 should show up in the counter. There are two computers inside my firewall that are live on TeamViewer, so I should be counting. Zero packets after about a half hour. Sounds like TeamViewer uses multiple addresses.

It depends on where you placed your rule and what you did to test it.
Normally, a computer with Teamviewer installed and operating in host mode will make a connection to teamviewer only once after startup, and keep that open.
So a standard forward allow rule placed after the established/related rule will not count it, unless you reboot the computer or at least stop and start teamviewer.

The very first rule in the Forward chain. Made it about as simple as I could:
No connections listed to 188.172.217.xxx either.

You will have to do further research.
Check e.g. using Wireshark what DNS lookups the program does on startup.
Then you could create an address list with that DNS name.
As usual, this requires that the PC does its DNS lookups via the router too.
Even then you would need to mark connections as the result of the DNS lookup can change over time.

Think as we are not the same country.


I do more work on it