Block AnyDesk and TeamViewer

Security Firewall Rules
1

Hi.

It’s possible to block AnyDesk and TeamViewer for all networking?

I don’t use proxy in the same cases. Because of that, I need the rule to block this services for all.

It’s possible?

Like an “App Block” in SonicWall.

2

Not in IPFire, AFAIK, without a proxy.

3

But have any another solution? Another application in IPFire?

Tks.

4

Hi,

unless those applications emit some distinct network traffic or there exists some IPS rule for detecting them (perhaps within the ET policy ruleset), there is little you can do indeed. Most programs might fall back to port 443 (TCP) since it works anywhere…

If your clients legitimately run applications which work with a HTTP proxy, this might be the best solution indeed, as it allows more fine-grained traffic control.

Thanks, and best regards,
Peter Müller

5

Tks mans…

I will active proxy.,

6

Another package, not provided into IpFire, for manage that kind of things is nDPI.

1 Like
7

Hi,

personally, I never liked DPI (deep packet inspection) too much, as it is fragile, invasive and potentially dangerous since you will need to have a very close look at each packet, perhaps even need to parse it’s content.

The latter is true for IDS/IPS systems as well (and there have been some nasty security vulnerabilities here). Anyway, just wanted to add this as a footnote.

Thanks, and best regards,
Peter Müller

2 Likes
8

If you want to keep it the heck out, look at this and tweak IPFire to do this.

https://mediarealm.com.au/articles/block-teamviewer-network/

I would focus more on the network ranges than the ports, but that is me.

While your at it, add teamviewer.com to your URL Blocklist. LOL…

Eric

1 Like
9

Anydesk has also pubblic ip addresses (without domain name) for allow connection. So the list needs to be updated from time to time…

1 Like
10

This list is currently working well here :