19

I am wondering how it is possible for TeamViewer to establish a remote desktop connection over the internet even if the user has not enabled port 3389?

I have been searching the internet but didn't find a satisfactory answer to my question. How is it even possible to establish RDP over the internet, since it is only possible across the network?

Does TeamViewer use a reverse connection technique? Is it possible to establish an RDP connection with someone who is outside the network?

mgkrebbs
Sufiyan Ghori
  • What makes you think it uses RDP? AFAIK, it uses its own protocol. – Bruno Apr 29 '12 at 10:49
  • Please see the solution of your questions at: http://mediarealm.com.au/articles/2014/10/block-teamviewer-network/ –  Jul 06 '16 at 18:11

4 Answers

29

To elaborate on ewanm89's post, TeamViewer does use UDP pinholing.

UDP is a stateless protocol. This means packets are fired off at their target with no verification (at the protocol level) that they were received or even reached the destination. Firewalls are designed to look for UDP packets and record the source and destination as well as the timestamp. If they see an inbound packet that matches an outbound packet they will generally allow the packet through even without a specific rule being placed in the firewall's access list. This can be locked down on enterprise grade devices, but in general 90% of the firewalls out there will allow return traffic.

In order to pinhole, your machine (viewer) has a TCP connection back to the main TeamViewer server. The target machine (client) also has a TCP connection to the main TeamViewer server. When you hit connect, your machine tells the main server its intention. The main server then gives you the IP address of the client machine. Your machine then begins firing UDP packets at the client. The client is signaled that you intend to connect and is given your IP. The client also starts firing UDP packets at you.

If the firewalls are "P2P-friendly", this causes both firewalls (yours and the client's) to allow the traffic, thus "punching holes" in the firewall. Specifically, this requires the firewalls to not change the public port of an outbound packet merely because its destination has changed; the firewall must reuse the same public port as long as the source of the packet hasn't changed. If your firewalls don't behave in such a friendly manner, then this won't work. Many firewalls do behave this way, though.

Of course, TeamViewer adds some security by doing a PIN/password check before the main server sends the IP info to both parties, but you get the idea.

user541686
Chris Frazier
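The pinholing sequence described in the answer above, as an added example (not part of the original post and not TeamViewer's code): a toy simulation of two NAT firewalls showing the punch succeed when both reuse the same public port and fail when either picks a new port per destination. The `Nat` class, `punch` function, addresses and ports are constructed for illustration, and the filtering model (return traffic must match the exact remote address and port) is an assumption.

```python
import itertools

SERVER = ("203.0.113.10", 9000)   # constructed rendezvous server endpoint

class Nat:
    """Toy NAT firewall: maps inside sources to public ports, admits only return traffic."""
    def __init__(self, public_ip, friendly, first_port):
        self.public_ip = public_ip
        self.friendly = friendly              # True: one public port per inside source
        self.ports = itertools.count(first_port)
        self.mappings = {}                    # mapping key -> public port
        self.allowed = set()                  # (public port, remote endpoint) seen outbound

    def outbound(self, src, dst):
        # "P2P-friendly" NATs key the mapping on the source only; others also
        # key on the destination, so a new destination gets a new public port.
        key = src if self.friendly else (src, dst)
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        port = self.mappings[key]
        self.allowed.add((port, dst))         # record the flow so replies can return
        return (self.public_ip, port)         # source endpoint as seen on the internet

    def inbound(self, src, dst_port):
        # Admit a packet only if it matches a recorded outbound flow.
        return (dst_port, src) in self.allowed

def punch(friendly_a, friendly_b):
    """Return (A's packet admitted by B's NAT, B's packet admitted by A's NAT)."""
    nat_a = Nat("198.51.100.1", friendly_a, 40000)
    nat_b = Nat("198.51.100.2", friendly_b, 50000)
    host_a, host_b = ("10.0.0.5", 6000), ("192.168.1.7", 6000)
    # 1. Both sides contact the server, which learns their public endpoints.
    pub_a = nat_a.outbound(host_a, SERVER)
    pub_b = nat_b.outbound(host_b, SERVER)
    # 2. The server hands each side the other's endpoint; both fire UDP at it.
    seen_a = nat_a.outbound(host_a, pub_b)    # source B's NAT will actually see
    seen_b = nat_b.outbound(host_b, pub_a)    # source A's NAT will actually see
    # 3. Each NAT checks the arriving packet against its outbound records.
    return nat_b.inbound(seen_a, pub_b[1]), nat_a.inbound(seen_b, pub_a[1])

if __name__ == "__main__":
    for a, b in [(True, True), (False, True), (False, False)]:
        print(f"A friendly={a}, B friendly={b}: holes open = {punch(a, b)}")
```

A NAT that allocates a new public port per destination breaks the match in both directions, which is the "locked down" behaviour the answer attributes to some enterprise-grade devices.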
4

TeamViewer runs proxy servers; both sides connect to the server and then the server relays from one to the other (though it can do direct connections if possible and it can also do UDP NAT hole punching).

ewanm89
2

TeamViewer uses its own servers as a bridge to connect two clients. It appears to be a packaged software solution. It is NOT. It is a HOSTED solution, in exactly the same way as LogMeIn.

If you are looking for a truly on-premise secured connection, try VNC (software), Radmin (software), Bomgar (appliance) or RHUB (appliance).

Janetf
0

TeamViewer should be installed on both machines, and both should be connected to the internet. TeamViewer on the remote machine should have an idle connection to the TeamViewer proxy servers and wait for connection requests. After receiving one, a direct UDP connection will be established. Note that both machines must set an ID and password before this process.

P3nT3ster