TeamViewer, PowerShell, and Cisco
I was given the task of closing off access to our network from the outside through the TeamViewer software. The background is a little sad: historically, this is how a contractor programmer connected remotely to the server hosting the 1C database. Yes, everything about this is wrong and complicated, and attempts to change it, both technically and organisationally, ran into opposition from accounting. But this post is not about that; it is about blocking TeamViewer itself.
Article based on information from habrahabr.ru
The first thing I did, of course, was search. I found a couple of dozen threads discussing this question and looked at how people block it, with varying degrees of success. The problem is that there are a great many servers it can connect to, so it is easy to miss something; in the comments on the lists of discovered ranges, people often complained that the solution did not work for them.

So I set up two computers with TeamViewer installed to see live whether it works or not.
Blocking TCP port 5938, judging by the comments, stopped working with the release of the previous version. In any case I did, of course, create a rule blocking incoming and outgoing traffic on this port, and on TCP 9997, which I found mentioned somewhere. There was no immediate effect, but the counter on the Cisco recorded hits. Well, let it stay.
Then I started adding all the ranges I had found. Somewhere around the fifth thread I read and the fourth dozen ranges I added, I got a robust block: after several attempts TeamViewer reported that it could not connect. Yay! The primary goal is achieved, but I want more. Eighty, ninety, or even ninety-five percent is not reliable enough.
I decided to dig into the problem a little deeper. For starters, I wanted to understand how to build a full list of TeamViewer hosts. People on the forums stated that you need to block servers of the form serverN.teamviewer.com, where N is a number. But first, I have not yet figured out how to set up blocking by host name on the Cisco, and second, blocking the "bare" IPs will in any case be very useful as additional protection.
A simple idea occurred to me: loop through all the names and resolve them to IPs. I'm a big fan of the command line, so I first looked for ways to solve the problem with a batch file. I figured that yes, in principle it is possible to parse the output of nslookup, but it would be sloppy. What about PowerShell?
Googling quickly turned up a suitable .NET class. After a little experimenting I realized that this scheme works great; I especially liked that if a name resolves to several IPs, all of them are neatly placed in an array. Each IP is added to the result array, which is then sorted and cleaned of duplicates with a single Sort command and written to a text file. At the end there is a small convenience: the text file is opened in Notepad so that you do not have to look for it on disk. Yes, PowerShell is a very handy and powerful tool.
The text of the script (PowerShell v2):
```powershell
### Get all the TeamViewer servers. Well, at least the ones registered in their subdomains.
## Initialize
$result_ips = "C:\!scripts\teamviewer\result_tv_IPs.txt"
$result_addresses = "C:\!scripts\teamviewer\result_tv_addresses.txt"
# Remove the output of a previous run; stay quiet if the files do not exist yet
del $result_ips -ErrorAction SilentlyContinue
del $result_addresses -ErrorAction SilentlyContinue
$servers=@()

## Start
# serverN.teamviewer.com - 101-11500, 646 hosts [2011-11]
for ($i=1; $i -le 11500; $i++) {
    echo $i
    $cur_server="server" + $i + ".teamviewer.com"
    echo $cur_server
    try {
        # Throws if the name does not resolve; otherwise returns one or more addresses
        $ips = [System.Net.Dns]::GetHostAddresses($cur_server)
        echo $cur_server | out-file -append $result_addresses
        $ips | % { $servers+=$_.IPAddressToString }
    } catch { }   # the name does not exist, skip it
}

# masterN.teamviewer.com - 1-16 [2011-11]
for ($i=0; $i -le 20; $i++) {
    echo $i
    $cur_server="master" + $i + ".teamviewer.com"
    echo $cur_server
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($cur_server)
        echo $cur_server | out-file -append $result_addresses
        $ips | % { $servers+=$_.IPAddressToString }
    } catch { }
}

# pingN.dyngate.com - 2-3
# As written, only the host names are recorded for these;
# their addresses are not appended to $servers.
for ($i=0; $i -le 10; $i++) {
    echo $i
    $cur_server="ping" + $i + ".dyngate.com"
    echo $cur_server
    try {
        $null = [System.Net.Dns]::GetHostAddresses($cur_server)
        echo $cur_server | out-file -append $result_addresses
    } catch { }
}

# Sort and display results
$servers | sort-object -unique | out-file $result_ips
notepad.exe $result_ips
start-sleep -milliseconds 800 # short pause between the two Notepad windows
notepad.exe $result_addresses
```
Some notes on this script:
— The line $servers=@() initializes the array; without it, PowerShell gets confused about the types.
— [System.Net.Dns]::GetHostAddresses() – the .NET class that returns IP addresses by name.
— IPAddressToString – converts the result to an ordinary string.
As an interim conclusion: PowerShell is terribly convenient for such specific admin tasks.
(How the resulting subnets, about two hundred of them, were entered into the Cisco is a subject for a separate post, and it would be a lot of text. I expect to finalize that process.)
Results: six hundred and fifty addresses obtained, a reliable solution, and +5 to the "administration" skill :-)
At first, you may want to block these ranges with a large margin. However, I quickly ran into the fact that one of the moskva.fm servers, 85.17.138.68, ended up inside the blocked range 85.17.*.*, so it is much safer to make the rules narrower, at the /24 subnet level (85.17.136.* and 85.17.87.*). Alternatively, you can even block the individual IPs on the list, but this is less reliable from the point of view of the original goal of blocking TeamViewer: I think new servers appearing "close" to existing ones is much more likely than in new ranges.
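One way to turn the resolved address list into the narrow /24 rules described above, as an added example that is not part of the original article: it groups addresses by /24, counts how many resolved hosts justify each subnet, and prints Cisco extended ACL lines. The sample addresses are constructed from documentation ranges, and the ACL number and the closing permit line are assumptions.

```powershell
# Constructed sample input (documentation ranges). In practice, read the
# result_tv_IPs.txt file produced by the script with Get-Content instead.
$ips = @(
    "192.0.2.17", "192.0.2.18", "198.51.100.4",
    "203.0.113.200", "not-an-ip", "192.0.2.17"
)
$aclNumber = 150   # assumption: any free extended ACL number (100-199)

function Get-Slash24Groups([string[]]$Addresses) {
    $counts = @{}
    foreach ($a in ($Addresses | Sort-Object -Unique)) {
        # Require dotted-quad form, then let .NET validate the octet values
        if ($a -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { continue }
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($a, [ref]$parsed)) { continue }
        $o = $parsed.GetAddressBytes()
        $net = "{0}.{1}.{2}.0" -f $o[0], $o[1], $o[2]
        # A missing key yields $null, which casts to 0
        $counts[$net] = 1 + [int]$counts[$net]
    }
    return $counts
}

function ConvertTo-AclLines($Groups, [int]$Acl) {
    # [version] gives a numeric sort of the four octets
    $Groups.Keys | Sort-Object { [version]$_ } | ForEach-Object {
        # The remark keeps the evidence next to the rule for later review
        "access-list $Acl remark TeamViewer /24, $($Groups[$_]) resolved host(s)"
        "access-list $Acl deny ip any $_ 0.0.0.255"
    }
    # Assumption: the ACL is otherwise allow-all; without this line the
    # implicit deny at the end of a Cisco ACL would drop everything else.
    "access-list $Acl permit ip any any"
}

$groups = Get-Slash24Groups $ips
ConvertTo-AclLines $groups $aclNumber
```

A /24 backed by a single resolved host is the kind of rule worth checking by hand before applying, since it is where collateral blocking like the moskva.fm case is most likely.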