This article explains how to accurately block all TeamViewer remote connections on your network. We include information on the TeamViewer Port, IP Addresses, and DNS Records needed to block this application. These instructions should protect you against all usage of this common remote desktop application.
Shows your IP address ShowIP is a simple tool, that shows your current IP-address. It runs in the system tray and shows your computer name and IP address when double-clicked. You can then choose to copy your IP to the clipboard. In addition to the local (LAN) IP, it also shows the external (WAN) IP address which can be useful if you are behind. These servers use a number of different IP address ranges, which are also frequently changing. As such, we are unable to provide a list of our server IPs. However, all of our IP addresses have PTR records that resolve to.teamviewer.com. You can use this to restrict the destination IP addresses that you allow through your firewall or proxy server.
IP Location Lookup. Our IP Address lookup location tool allows you to get an idea of geolocation of an internet user if you know his IP address. Results of IP address lookup will show country, region, city, ISP, TimeZone, Currency, Dailing code etc. Visit what is my ip live home page to check your own public and local IPv4 and IPv6 address. TeamViewer allows you to connect to a remote computer. It is like you are sitting behind this remote computer yourself, in other words, you will be using the account of your boyfriend and his internet connection and therefore his IP address will be logged. So, because TeamViewer client must be connected first to the TeamViewer server, we can use another aproach, that is blocking every dns request for the.teamviewer.com and/or.dyngate.com. Second Step block IP Address Range. The TeamViewer IP Address Range is.
TeamViewer requires no configuration or any special firewall rules to allow it to connect. All a user need to do is to download the EXEs from the website and run them – this makes it very easy for anyone to setup and to circumvent security restrictions. Corporate networks probably don’t want to allow such easy remote access. With such an easy installation process, how do you block TeamViewer?
Step 0: Policy
Ensure you are entitled to block this application and your end-users are aware of your corporate policy against this sort of access. You should always have written policy to back up these enforcements.
Step 1: DNS Block
The first step is to block the resolution of DNS records on the teamviewer.com domain. If you run your own DNS server (such as an Active Directory server) then this is easy.
- Open your DNS Management Console
- Create a top-level record for ‘teamviewer.com’.
- Do nothing else. By pointing this record nowhere you will stop connections to this domain and all of it’s subdomains
Step 2: Check Clients Can’t Connect to External DNS Servers
Ensure the only DNS connections allowed on your network are to your own internal DNS servers (which contain this dummy-record). This removes the possibility of the TeamViewer client checking DNS records against their own servers, instead of yours.
- Log into your Firewall or Router
- Add a new outgoing firewall rule to disallow TCP & UDP port 53 from all source IP addresses, EXCEPT the addresses of your own DNS servers.
This means clients will now only be able to resolve the DNS records you allow through your own DNS server (and these servers can forward requests on to external servers, of course).
Step 3: Block Access to TeamViewer IP Address Range
The TeamViewer client will still sometimes be able to connect to known IP Addresses, despite the DNS Record being blocked. To overcome this, you need to block access to their IP Address range.
- Log into your Firewall or Router
- Add a new outgoing firewall rule to disallow connections to 178.77.120.0/24
The TeamViewer IP Address Range is 178.77.120.0/24, which translates to 178.77.120.1 – 178.77.120.254.
Step 4: Block TeamViewer Port
This step probably isn’t necessary, but can be good as an extra layer of protection. TeamViewer connects on port 5938, but also tunnels via ports 80 (HTTP) & 443 (SSL) if that is unavailable. Here’s how to block that port:
- Log into your Firewall or Router
- Add a new outgoing firewall rule to disallow TCP & UDP port 5938 from all source IP Addresses
Step 5: Group Policy Restrictions
If you have an Active Directory Network, consider adding Software Restrictions to Group Policy. Here’s how you can do it:
- Download the TeamViewer EXE file from their website.
- Open your your Group Policy Management Console, and create a new GPO.
- In your GPO go to Software Restriction Polices found under User Configuration > Windows Settings > Security Settings > Software Restriction Policies.
- Right click and choose “New Software Restriction Policies”.
- Select “Browse” in the New Hash Rule popup window. Find the TeamViewer setup EXE and open it.
- Close those windows and link your new GPO to the domain and make it apply to everyone.
Step 6: Deep Packet Inspection
If all of these steps fail you, you may need to implement a firewall which performs Deep Packet Inspection and Unified Threat Management. These devices are specifically trained to look for common remote access tools and block them. They also cost a lot of money.
These steps should help you reliably block TeamViewer on your network. This protects you against users trying to gain remote access to your network using this software, or getting to their own PCs at home to circumvent filters. It is worth checking your setup regularly to ensure it is still functioning as expected, as the ports and IP Addresses may change in the future. You should also apply similar restrictions to all of the other common remote access tools. When it comes to security, you can never be too sure.
Ever wonders how can you get the IP address from TeamViewer without connecting? Here is how.
TeamViewer does not provide this functionality directly. But you can know the IP address by faking a connection and then reading the TeamViewer logs.
- Open TeamViewer.
- Fill in the partner ID.
- Click Connect to partner.
- On password prompt click Cancel.
On the main window, click ExtraOpen log files… in order to access the TeamViewer logs.
For Versions prior to 9 located by default in C:Program FilesTeamViewerVersionX and open with Notepad the TeamViewerX_Logfile.log file (where X your Teamviewer Version)
For Version 10 and onwards open C:Program FilesTeamViewerTeamViewer10_Logfile.log with Notepad.
In the file, search from the bottom for the first line where it is written CTXX GWT.CmdUDPPing.PunchReceived, a=XXX.XXX.XXX.XXX, p=XXXXX
where a=XXX.XXX.XXX.XXX is the IP address you’re looking for.
Teamviewer Id And Password
Please leave your comments below with your thoughts or alternative suggestions.