by      
TeamViewer 4.0.x had some issues. It is old and has been updated many times. I've removed the old server data and the firewall logs because this article needs to fade away into the "Internet Hacked Sunset" and allow those testing new software to pick up where I stopped. In this article I'll be answer the search questions and direct questions from those interested.

TeamViewer Version 4.0

My guess you are here because you are looking for more information about how the TeamViewer application works. 

Server = Host
Client = Viewer

You might be looking for IP addresses, session information and in my case how to block the free time limits. 

While I was using version 4.0 I noticed that others could join into my active session if I made my session non responsive to the server on the client side of the connection. 

In a nutshell, once you blinded the server via blocking IP and Ports to the client side (host side is the computer you are connecting with) computer you could keep the connection alive beyond the time limit. But, I also had visitors from other networks join the same session. 
I believe this was corrected in later version of 5.x or 6.x but I have never checked them. 

I have not tested TeamViewer since that time. 
Be sure to check the NIST.gov database and others to find information about newer versions. 

Below are notes collected while I was testing. 
This is not a forward hack, it's a local computer setting and workaround to the timeout issue.

Quick answer: Servers.

How I worked it.

The story line, as each connection was made, the remote system (server) was allowed to keep active connections while the local computer (Viewer) was blocking the connections in both directions after they were made.

1st Outbound Connection Reported from Host (System A)

  • IP address: 80.237.220.185
  • Host name: server117.teamviewer.com
  • 80.237.220.185 is from Germany(DE) in region Western Europe

2nd Outbound Connection (System A)

  • IP address: 87.230.73.23
  • Host name: master.dyngate.com
  • 87.230.73.23 is from Germany(DE) in region Western Europe

3rd Outbound Connection (System A)

  • IP address: 87.230.73.23
  • Host name: master.dyngate.com
  • 87.230.73.23 is from Germany(DE) in region Western Europe

4th Outbound Connection (System A)

  • IP address: 216.108.224.206
  • Host name: server859.teamviewer.com
  • 216.108.224.206 is from United States(US) in region North America

5th Outbound Connection (System A)

  • IP address: 87.230.73.19
  • Host name: he3.teamviewer.com
  • 87.230.73.19 is from Germany(DE) in region Western Europe

6th Outbound Connection (System A) to (System B) This is our Client Connection IP address during our testing.

  • IP address: 68.11.202.182
  • Host name: ip68-11-202-182.br.br.cox.net
  • 68.11.202.182 is from United States(US) in region North America

7th Outbound Connection (System A)

  • IP address: 64.235.55.114
  • Host name: server851.teamviewer.com
  • 64.235.55.114 is from United States(US) in region North America

8th Outbound Connection (System A)

  • IP address: 216.108.224.204
  • Host name: server860.teamviewer.com
  • 216.108.224.204 is from United States(US) in region North America

NOTICE THIS NEXT CONNECTION:

9th Outbound Connection (System A)

  • IP address: 64.183.54.182
  • Host name: rrcs-64-183-54-182.west.biz.rr.com
  • 64.183.54.182 is from United States(US) in region North America

10th Outbound Connection (System A)

  • IP address: 72.145.1.90
  • Host name: adsl-145-1-90.mia.bellsouth.net
  • 72.145.1.90 is from United States(US) in region North America

11th Outbound Connection (System A)

  • IP address: 216.108.224.210
  • Host name: server858.teamviewer.com
  • 216.108.224.210 is from United States(US) in region North America

12th Outbound Connection (System A) (Client Connection)

  • IP address: 68.11.202.182
  • Host name: ip68-11-202-182.br.br.cox.net
  • 68.11.202.182 is from United States(US) in region North America

 

All of this took place over about 2 hours. I did make it past their small time-out by not allowing selected connections. 

My guess is the servers (Master) thought the connection dropped and kept one connection session alive. But did the traffic to the computer that was never interupted trigger something else?

Just about 2 hours and 20 minutes into the session the Roadrunner connection came up. I didn't allow it on my end, I had all my external connections blocked except to the remote computer which I still had control over. 

The RR connection came up on my firewall log but only for a single attempt. Then it was on the remote system moving the mouse and the person opened the TV Session screen, right mouse clicked the session ID box and then clicked Copy. All while I was watching from the remote station. 

This is what I think happened and you can discuss it all you want. 

I believe that who was monitoring traffic over the USA server noticed a session established and traffic flow but no second computer. They then used the server to connect to my remote computer and they copied the session ID. Once that was done they could reset the session at the server. Right? That's it, really, do you believe me?

Well, some thought it wasn't a TeamViewer employee monitoring the server. I've had my years on servers and it's what I would have done if someone connected and didn't logout. But, if it was a DLL issue and it was a hack then why would they (hack) want the sssion ID? 

 

That's all I'm going to say and I'll still say it wasn't a "Hack" but that doesn't explain how the remote mouse and remote session ID was copied by a remote connection that wasn't part of my plan. 

Could it have been Area 51? Or that last question, do you think it was a privacy issue and that's why no one said a word?

I went back to the old fashioned "Dial up" the server method. (VPN SSL, RDP Internal AD )

That's about it. 

 

 

TeamViewer 4.0.x had some issues. It is old and has been updated many times. I've removed the old server data and the firewall logs because this article needs to fade away into the "Internet Hacked Sunset" and allow those testing new software to pick up where I stopped. In this article I'll be answer the search questions and direct questions from those interested.