Teamviewer listening on port 80 and 5938 by default, why?

5

1

So I had port 5938 exposed to the world accidentally. No foul. No one seemed to be able to establish a session with it according to the Teamviewer logs. But netstat shows some random (non-Teamviewer) IP connecting directly to 5938.

I blocked incoming 80 and 5938. I am still able to connect to that system. Incoming and outgoing Teamviewer connections still work.

What is the point of having 80 and 5938 open by default for Teamviewer? Also, why would I be seeing random IPs with established connections on port 5938? Does Teamviewer use some sort of P2P networking?

Tom G11

Posted 2011-11-03T22:23:33.700

Reputation: 173

Answers

5

First off... Teamviewer can be a major pain! Especially inside a corporate environment. As we found out, Teamviewer is constantly making connections back to their servers. If you trace the IPs you found, you will more than likely find that they are owned by Teamviewer and originate in Germany.

If you completely cut your machine off from the Internet, you will see that your Teamviewer will never get a 9-digit ID. It will either error out, or if you have "Incoming LAN connections" set to "accept" it will show your computer's IP address.

The Teamviewer software requires a connection back to their servers in order to generate that 9-digit ID.

These are some of the observations I have made anyway since using this software.

bourne

Posted 2011-11-03T22:23:33.700

Reputation: 206

Yes, I understand that if you block outgoing port 80, Teamviewer will not be able to establish a connection to the master servers. But my question is why would it need to hold on to incoming ports. – Tom G11 – 2011-11-03T22:35:11.923

That I don't know. I think I remember that there is a way to provide a weblink to someone and have them use that link to connect to your Teamviewer session. Could this be the reason? – bourne – 2011-11-03T22:42:02.927

I think you're right - that's to allow at-will incoming sessions. – Shinrai – 2011-11-03T22:51:16.203

And I would just add that Teamviewer is a wonderful product, but if you need to be this paranoid about open ports, any remote access product that uses a centralized database to negotiate connections (Teamviewer, LogMeIn, GoToMyPC) is probably not right for you. – Shinrai – 2011-11-03T22:52:32.660

You can set "Don't use incoming ports 80 and 443" under "Advanced" options to prevent this. Weird thing is though on the Teamviewer website they claim port 80 is only used for outgoing connections... – bourne – 2011-11-03T22:55:39.667

Teamviewer is a good product. However, I have had my issues with them. They do not support non-Active Directory domains. I have had major issues installing their software using their provided VBScript and exported registry files. Besides that, they're great! – bourne – 2011-11-03T22:59:18.227

1

Teamviewer IS P2P in nature. I have a support email from the official Teamviewer support (who were quick in responding and professional, courteous etc, even though I was not yet a paying customer). They seemed to think the privacy-bothering P2P element didn't matter, from a design and security perspective, though... and I disagree.

What Shinrai said is right. But also what bourne said. If you only want to use Teamviewer for intranet / LAN support, then you can set it to 'accept LAN connections exclusively' and it should not generate or show a 9-digit UID, whilst showing the LAN IP of the host it is running on, instead. There are other switches that help keep it off the WAN / Internet, like 'Block online status for this Teamviewer ID and such' - but you can check these for yourself, they are self-explanatory, really...

Anti1337

Posted 2011-11-03T22:23:33.700

Reputation: 11
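
The netstat observation in the question turns on direction: a row can be a peer connected to the machine's own open port 80/5938, or a connection the machine itself opened to a remote port 80/5938. The following is an added example, not part of any post above, that separates the two; it assumes the Windows `netstat -ano` column layout, and the sample rows, PIDs and function names are constructed for illustration.

```python
import ipaddress

WATCHED_PORTS = {80, 5938}  # the two ports named in the question
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in Windows `netstat -ano` layout (not from the original post);
# remote addresses are documentation ranges, the PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:5938           0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.20:5938      203.0.113.45:51234     ESTABLISHED     1234
  TCP    192.168.1.20:5938      192.168.1.77:50100     ESTABLISHED     1234
  TCP    192.168.1.20:49812     198.51.100.7:5938      ESTABLISHED     1234
  TCP    192.168.1.20:49900     198.51.100.9:443       ESTABLISHED     5678
"""

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, int(port))."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def on_lan(host):
    """True when host is a private or loopback IPv4 address."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)

def classify(netstat_text, watched=WATCHED_PORTS):
    """Sort TCP rows touching the watched ports into listeners, inbound and outbound."""
    report = {"listening": [], "inbound": [], "outbound": []}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue
        try:
            (lhost, lport), (rhost, rport) = map(split_endpoint, fields[1:3])
        except ValueError:
            continue  # malformed row
        if fields[3] == "LISTENING" and lport in watched:
            report["listening"].append((lhost, lport))
        elif fields[3] == "ESTABLISHED" and lport in watched:
            # A peer connected TO this machine's open port: what an inbound block stops.
            origin = "lan" if on_lan(rhost) else "internet"
            report["inbound"].append((rhost, lport, origin))
        elif fields[3] == "ESTABLISHED" and rport in watched:
            # This machine dialed OUT to a remote service on a watched port.
            report["outbound"].append((rhost, rport))
    return report
```

Feed `classify()` the text of `netstat -ano` captured before and after adding the inbound firewall rule; the `inbound` list should empty out while `outbound` rows remain.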