tanya-jawab  

Re: [tanya-jawab] Ngeblok Team Viewer di IPTables

Nyoman [D]
Sun, 14 Mar 2010 21:44:29 -0700

On Mon, 2010-03-15 at 11:23 +0700, aghe milano wrote:
> " Betul pak... besok-besok (kalau belum ketemu juga) coba saya lihat, team
> viewer akan melewati "server mereka" yang berIP berapa.. mudah-mudahan
> aja nggak random :) "
> 
> sepertinya random pak,berikut beberapa sesi yang saya coba
> tcp        0      0 114.58.237.108:2787     server324.teamview:http 
> ESTABLISHED
> tcp        0      0 114.58.237.108:3208     server355.teamview:http 
> ESTABLISHED
> tcp        0      0 114.58.237.108:1078     server306.teamview:http 
> ESTABLISHED
> 
> kira2 bisa pakai wildcard tdk,untuk bs memblok
> serverxxx.teamviewer.com?mksd saya apakah ada fitur semacam wildcard
> string di IPTABLES?

Mungkin perlu dicoba pake -m string --string "teamviewer" pak

Coba jalankan ini di gateway bapak, dan amati log (/var/log/messages)

iptables -A FORWARD -m string --string "teamviewer" -j LOG --log-level \
 info --log-prefix "TEAMVIEWER"

Kemudian connect ke remote computer pakai TeamViewer, apakah string tadi masuk 
ke log?
Kalau iya.. tinggal block pake

iptables -I FORWARD -j DROP -p tcp -d 0.0.0.0/0 -m string --string "teamviewer"

WARNING: Not tested :D

Nyoman

Attachment: signature.asc
Description: This is a digitally signed message part