If you make use of Windows RDP or Remmina, you normally use the IP (public) or attached hostname of the server to log on. I was wondering how a remote program like Team Viewer works? And also, how does the program know how to route that traffic over the internet?
Most applications like TeamViewer route things through their servers if there's no direct path available, therefore bypassing the need to use public IPs and open ports.
TeamViewer, LogMeIn and any other program that allows a
zero config remote desktop session uses a third-party server.
For example, LogMeIn is a program similar to TeamViewer where you are able to remotely login to a computer outside of the network that you're currently on. You will notice that there are no external configurations required for this type of remote session. This is due to the fact that the software that you installed on the remote machine (the LogMeIn client) initiates an outgoing request to the LogMeIn servers. Since this client initiated the request, no port forwarding on the Firewall is required.
On your computer, outside of the network of the LogMeIn computer, can access this computer remotely through LogMeIn's website. This website accepts the initiated request from the remote computer and keeps the connection alive to listen for a remote session request.
When you run TeamViewer, you are assigned an ID on their broker server. You make a connection to a Teamviewer ID, and TeamViewer passes the connection down through the TeamViewer client's established tunnel to the destination and you then you are prompted for password and then the connection establishes afterwards.
Teamviewer uses port 80 to make a connection to a central server. If the connection is made, you get a unique ID, and the server knows you're online. All communication can happen over port 80 if other ports are blocked.
Teamviewer does allow you to connect directly to an IP-address. You have to set this in the options, to allow incoming LAN connections. This works for local networks, and probably for WAN networks as well, but then you have to get portforwarding working, to get port 80 to connect to the right computer behind the router/firewall. That makes things difficult for most people, and unmanageble for most of the rest, so then we use the Teamviewer ID method.
I don't know if this means that all traffic goes via the teamviewer servers, but it might. (And as it registers all clicks and keypresses, that probably means that they could - in theory - and since we know about PRISM etc probably in reality as well - know about all your logins and secret keys.)
This is what the company says in their Security Statement:
When establishing a session, TeamViewer determines the optimal type of connection. After the handshake through our master servers, a direct connection via UDP or TCP is established in 70% of all cases (even behind standard gateways, NATs and firewalls). The rest of the connections are routed through our highly redundant router network via TCP or https-tunnelling. You do not have to open any ports in order to work with TeamViewer!
As later described in the paragraph "Encryption and Authentication," not even we, as the operators of the routing servers, can read the encrypted data traffic