1

Here is my firewall settings:

Firewall settings

Clearly, firewall is on for both private and public networks and it is set to "Block all connections including programs on the list of allowed programs". I did not explicitly add TeamViewer to the list and I would expect that using TeamViewer to remote desktop into a computer with these firewall settings would not work - firewall would stop TeamViewer from making the connection. But firewall did not stop TeamViewer - it went right around the firewall (without so much as a notification). How do they do this? How do I make my software capable of doing this?

Sacha T Red
  • 129
  • 1
  • 7

1 Answers1

1

You would need to add an outbound rule to block teamviewer. This would stop teamviewer establishing a connection with the teamviewer servers.

Teamviewer connects to central servers using outbound connections the connection is established inside your firewall, so your incoming firewall rules don't make any difference.

Drifter104
  • 3,773
  • 2
  • 25
  • 39
  • So if I sent a packet out to someone and they reply from their address back to me within a short period of time, the firewall will not block that? – Sacha T Red Jun 04 '15 at 16:40
  • Isn't that exactly what some NATs do? Cone restrictive NAT or something like that? – Sacha T Red Jun 04 '15 at 16:40
  • Yes and no, you can NAT in either direction and apply a firewall rule in either direction. Restricted Cone NAT could be used but then block connections to a particular IP. That wouldn't be blocking that type of NAT rather the source/destination/type etc... – Drifter104 Jun 04 '15 at 16:46
  • I noticed that I have inbound rules enabled for C:\Program File (x86)\Skype\Phone\Skype.exe and for C:\Program File (x86)\TeamViewer.exe and TeamViewer_Service.exe (UDP and TCP), but neither of those Programs is listed in the Outbound Rules. – Sacha T Red Jun 04 '15 at 16:49
  • Does that mean that with the given rules, Skype and TeamViewer can send UDP and TCP packets to me without me having to send them a UDP packet first? – Sacha T Red Jun 04 '15 at 16:52
  • They don't need outbound rules to be set during the installation as they both use 443 and 80. Yes it would mean that but I imagine you also have a hardware firewall on your network edge too – Drifter104 Jun 04 '15 at 16:53
  • Nah, I just have a Trendnet home router and a software firewall. I found out that the router has the kind of NAT where it will only accept an incoming UDP packet if the address and port number that the UDP packet is coming from is equal to the address and port number of an outgoing UDP packet. – Sacha T Red Jun 04 '15 at 16:58
  • But that's besides the point. So when I install an application, it sets up the firewall rules progmatically. Forget about NAT for a second - imagine that there is no NAT so that I can understand firewall better. If there were no inbound rules and the software firewall were set to "Block all connections including programs on the list of allowed programs", they (the public internet) wouldn't be able to send me the first packet, but would it be possible for Skype to send me a reply packet after I send them one first? – Sacha T Red Jun 04 '15 at 17:00