I would like to block teamviewer in my network. we are using CISCO IPS 4240 in IDS Mode. I found that there are signatures for teamviewer in latest Signatures.
We have only configured promiscuous interface, I read that we can issue TCP resets thru promiscuous interface as well (recommended is dedicated tcp reset interface).
However in my case, I found that Signatures for teamviewer is not getting fired even after getting successful teamviewer connections.
I am a beginner is IPS, Any inputs will be valuable for me.