outbound UDP port 1

Alexander Morozov alex at nixd.org
Sat Jun 16 23:36:25 UTC 2018


Hello.

I was doing experiments with the sandboxing in FreeBSD and I executed 
nginx sandboxed (in sandbox for FreeBSD) and I noticed that sandbox 
blocked 2 outbound datagrams from nginx (uid:root) process.

Jun 17 00:26:02 ** sandboxd[49377]: action: deny for pid[30392]nginx 
uid:0 procedure: network-outbound[90] network outbound remote 
udp/ip4:65.158.94.185:1
Jun 17 00:26:02 ** sandboxd[49377]: action: deny for pid[30392]nginx 
uid:0 procedure: network-outbound[90] network outbound remote 
udp/ip4:65.158.94.168:1
Jun 17 01:17:03 ** sandboxd[49377]: action: deny for pid[61454]nginx 
uid:0 procedure: network-outbound[90] network outbound remote 
udp/ip4:205.197.140.171:1
Jun 17 01:17:03 ** sandboxd[49377]: action: deny for pid[61454]nginx 
uid:0 procedure: network-outbound[90] network outbound remote 
udp/ip4:205.197.140.178:1
Jun 17 01:24:11 ** sandboxd[49377]: action: deny for pid[11326]nginx 
uid:0 procedure: network-outbound[90] network outbound remote 
udp/ip4:80.239.148.73:1
Jun 17 01:24:11 ** sandboxd[49377]: action: deny for pid[11326]nginx 
uid:0 procedure: network-outbound[90] network outbound remote 
udp/ip4:80.239.148.95:1

I can not find any information about this addresses except from whois. 
For which purpose outgoing UDP/1 is used?

The nginx was built from ports with the following config:
===> The following configuration options are available for 
nginx-1.14.0_4,2:
      DEBUG=off: Build with debugging support
      DEBUGLOG=off: Enable debug log (--with-debug)
      DSO=on: Enable dynamic modules support
      FILE_AIO=on: Enable file aio
      IPV6=on: Enable IPv6 support
      THREADS=on: Enable threads support
      WWW=on: Enable html sample files
====> Modules that require MAIL module
      MAIL=off: Enable IMAP4/POP3/SMTP proxy module
      MAIL_IMAP=off: Enable IMAP4 proxy module
      MAIL_POP3=off: Enable POP3 proxy module
      MAIL_SMTP=off: Enable SMTP proxy module
      MAIL_SSL=off: Enable mail_ssl module
====> Modules that require HTTP module
      GOOGLE_PERFTOOLS=off: Enable google perftools module
      HTTP=on: Enable HTTP module
      HTTP_ADDITION=on: Enable http_addition module
      HTTP_AUTH_REQ=on: Enable http_auth_request module
      HTTP_CACHE=on: Enable http_cache module
      HTTP_DAV=on: Enable http_webdav module
      HTTP_FLV=off: Enable http_flv module
      HTTP_GEOIP=on: Enable http_geoip module
      HTTP_GUNZIP_FILTER=on: Enable http_gunzip_filter module
      HTTP_GZIP_STATIC=on: Enable http_gzip_static module
      HTTP_IMAGE_FILTER=off: Enable http_image_filter module
      HTTP_MP4=off: Enable http_mp4 module
      HTTP_PERL=off: Enable http_perl module
      HTTP_RANDOM_INDEX=off: Enable http_random_index module
      HTTP_REALIP=on: Enable http_realip module
      HTTP_REWRITE=on: Enable http_rewrite module
      HTTP_SECURE_LINK=on: Enable http_secure_link module
      HTTP_SLICE=on: Enable http_slice module
      HTTP_SSL=on: Enable http_ssl module
      HTTP_STATUS=on: Enable http_stub_status module
      HTTP_SUB=on: Enable http_sub module
      HTTP_XSLT=off: Enable http_xslt module
      HTTPV2=on: Enable HTTP/2 protocol support (SSL req.)
      STREAM=on: Enable stream module
      STREAM_SSL=on: Enable stream_ssl module (SSL req.)
      STREAM_SSL_PREREAD=on: Enable stream_ssl_preread module (SSL req.)
      AJP=off: 3rd party ajp module
      AWS_AUTH=off: 3rd party aws auth module
      BROTLI=off: 3rd party brotli module
      CACHE_PURGE=on: 3rd party cache_purge module
      CLOJURE=off: 3rd party clojure module
      CT=off: 3rd party cert_transparency module (SSL req.)
      DEVEL_KIT=on: 3rd party Nginx Development Kit module
      ARRAYVAR=off: 3rd party array_var module
      DRIZZLE=off: 3rd party drizzle module
      DYNAMIC_UPSTREAM=off: 3rd party dynamic_upstream module
      ECHO=off: 3rd party echo module
      ENCRYPTSESSION=off: 3rd party encrypted_session module
      FASTDFS=off: 3rd party fastdfs module
-- 
Kind Regards,
Alexander Morozov


More information about the nginx mailing list