Re: Possible attack vector?
it depends. i have a business account, and the module i made for my customers to download has the random password set to be 10 digits i think, plus a bunch of other stuff..
ive never thought of trying to connect via ip address....i dont know how you would do this and im not sure if its true. i guess it has to use a port, but it works without any kind of firewall config, so how could that be doable if you are behind a firewall with NAT (which everyone is these days)?
i think you might mean via the teamviewer ID.
you can certainly connect to ANY teamviewr client via the teamviewer id and either the random password or a preset "personal" password. there has also been a new kind of access called "grant easy access" in my upgrade to TV11. i asked tv about this previously, and it seemed that you can connect without using either personal password or random password.i havent enabled it because i didnt like the sound of it.
you can prevent anyone else or specific teamviewer id's from connecting to your teamviewer id (if you have a TV account) by use of a white / blacklist of teamviewer ID or account email address
my customers have it set so that only my teamviewer ID can remote their machines, if you try form another TV id it refuses. (i have tested this)
however, if someone has managed to spoof the dns of the tv servers (im kinda making this up now as you can tell, but ....big ddos, take their dns offline, pop up your own server advertising itself as teamviewer, tv clients connect to this server instead of real one) and who knows what could happen. someone more qualified than me should answer this)
i know one thing, i have a link to my module hosted on tv's site so that customers can download it. it was unavailable (404 error) on wed / thu . this could simply be beacuse they were being ddos'd and the 2 customers who tried to download it couldnt get through, but it might also be because it didnt exist on the nefarious server.
thoughts?
Biting the hand that feeds IT
