Hey guys
Been trying to get this to work, with no luck. I want to block teamviewer and others like it from behind my network.
I've tried a squid acl, again, no luck.
acl teamviewer browser DynGate
acl teamviewer-b dstdomain .teamviewer.com
acl teamviewer-reg url_regex teamviewer.com
acl teamviewer-in url_regex din\.aspx\?s=[0-9]+&id=[0-9]+&client=DynGate(&rnd=[0-9]+)?&p=[0-9]+
acl teamviewer-out url_regex dout\.aspx\?s=[0-9]+&p=[0-9]+&client=DynGate
http_access deny teamviewer
http_access deny teamviewer-b
http_access deny teamviewer-reg
http_access deny teamviewer-in
http_access deny teamviewer-out
Also, I don't even know if this is used for the proxy of outgoing info for the clients behind the ClearOS, just been googling and stuff.
Is there another way? Snort? Iptables, etc?
Responses (3)
-
Hello,
Do you only want to block the application?
Do you want the TeamViewer website to keep working normally?
This is an excerpt from the TeamViewer log file:
Start: 08/07/2013 16:37:31.648
Version: 8.0.19617
ID: 0
Loglevel: Info (100)
License: 0
Server: master15.teamviewer.com
IC: -1157366068
master15.teamviewer.com, this is the IP: 178.77.120.6
If you block only this range, 178.77.120.0/24, this succeeds.
Intrusion detection could be used to block threats or intrusions, but I believe it would not be ideal for what you want.
Be sure to ask questions, and forgive my bad English.
-
Hey Thiago
Thanks, those work, so for now I will have to do it this way.
I was looking for a deeper scan, still allowing normal http access and stuff, but not allowing the actual application to run.
Emerging Threats POLICY rules pick up the application usage over the network, but I don't know how to take that rule and turn it into a block (Snort rules).
Something like the BLOCK rules from Emerging Threats.
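
The last reply asks how to turn an alert-only POLICY rule into a blocking one. As an added example (not part of the original thread and not Emerging Threats' own tooling), the following rewrites the action of matching Snort rules from alert to drop. It assumes Snort runs inline, where the drop action takes effect; the function names, sample rules and SIDs are constructed placeholders.

```python
import re

# Start of a Snort rule: optional leading "#" (rule shipped disabled),
# the "alert" action keyword, then the rest of the rule.
RULE_RE = re.compile(r'^(?P<off>#\s*)?(?P<action>alert)\s+(?P<rest>\S.*)$')
MSG_RE = re.compile(r'msg\s*:\s*"(?P<msg>[^"]*)"')


def to_drop(rule_line, msg_pattern, enable=False):
    """Return rule_line with its action changed from alert to drop.

    Only rules whose msg option matches msg_pattern are touched; every
    other line (comments, other actions, other rules) is returned as is.
    A commented-out rule stays commented out unless enable=True.
    """
    m = RULE_RE.match(rule_line.strip())
    if not m:
        return rule_line
    msg = MSG_RE.search(m.group("rest"))
    if not msg or not re.search(msg_pattern, msg.group("msg"), re.I):
        return rule_line
    prefix = "" if enable else (m.group("off") or "")
    return f"{prefix}drop {m.group('rest')}"


def convert(rules_text, msg_pattern, enable=False):
    """Apply to_drop() to every line of a rules file."""
    return "\n".join(
        to_drop(line, msg_pattern, enable) for line in rules_text.splitlines()
    )


# Constructed sample rules: not real Emerging Threats signatures.
SAMPLE = '''\
# constructed example rules
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE POLICY TeamViewer session"; content:"DynGate"; sid:1000001; rev:1;)
#alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE POLICY TeamViewer keepalive"; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE POLICY Other tool"; sid:1000003; rev:1;)
'''

if __name__ == "__main__":
    print(convert(SAMPLE, r"teamviewer"))
```

Review the converted rules in alert mode first: a drop rule that matches too broadly will also cut off traffic you meant to allow.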