Anydesk is opening a port forward to my router , but port forward on router is Off

Question

Since several days ago I've noticed a strange behaviour on my router. On router logs , in Port forwarding section I've noticed a Port forward to one of my PC. ( this has happening to different PC in different time ). On my router Options , Por t forward is DISABLED.
The line on the log file contain a PORT RANGE that is different every time , and a Local Port that is always 7070.
I've checked the local port (7070) with :

netstat -ano | findstr "7070" 

and the proces that is listening on that port is Anydesk. ( Is always Anydesk in other PC where i've noticed this behaviour ) I've checked also the PORT RANGE on websites that test open ports , and they says that the port is open.

If i restart the router , the line on log file dissapear and the port result closed.But this situation has repeated several times with the same behaviour but on diferent PC.

How this can be possible , because as i said the option Port Forward on my router is set to disabled.

Answer 1

You need port forward for someone else to connect into your network, unless you have seriously restrictive firewall rules that deny any explicitly not allowed incoming connections. Most common routers are essentially linux or a Realtime OS running a stateful firewall. If your PC's initiating the connection, the router or firewall is going to let it through, unless the port is explicitly blocked.

A lot of remote desktop software that relies on an external service will initiate the connection from the system you are remoting to, and use a external server to either proxy the connection, or broker the connection between PCs. You're not always going to have an end user with the knowledge, or access to open up a port for you to run remote access on, and this is a simpler solution.

If you're not explicitly using anydesk - its commonly used by scammers. Your problem isn't that anydesk's bypassing your firewall (Its designed to!), its that one of your systems might be compromised.

In theory, on a better firewall or consumer router, you could specifically block that service - but at the risk of sounding alarmist, it sounds like one or more of your systems is compromised, and you might need to act accordingly.