MSNP (port 1863)

Discussion in 'other security issues & news' started by JacK, Jun 18, 2003.

Thread Status:
Not open for further replies.
  1. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    msnp MSN Messenger protocol.

    What's the real function of this protocol, let alone it connects to 2 M$ IPs?

    I blocked this port and don't see any side effect?

    Rgds,
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey Jack,

    TCP 1863 is used to communicate over the MSN Messenger network (whether it be via the MSN Messenger application itself or any chat application that has an extension designed for it, for instance, Trillian). It's Microsoft's version of AIM or ICQ. You won't see any effect as you probably are not using it. (I wonder though, why it is open if you are not using it o_O )

    HTH,

    Dan
     
  3. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    HTH,

    Hello Dan,

    What I see everywhere and in KB M$:
    http://tinylink.com/?Bigjxx2Fki

    To enable messaging, enable outgoing TCP connections to TCP port 1863.

    NOTE: On the Connections tab in the MSN Messenger Options dialog box, make sure that the I use a Proxy Server check box is not selected.

    I block port 1863 and I always use a proxy for MSN Messenger and it runs flawlessly.

    I don't understand why it should open 2 connections with related M$ servers without my asking for a NetMeeting server directory or anything.

    Tnx,
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hmm,

    I may be confused :eek:

    AFAIK, MSN Messenger is not a peer-to-peer protocol (or leastways not when waiting for a chat to start); there needs to be polling to some central point that other clients poll to see if a certain user is listening (which allows users to use their same account on completely different machines/locations).

    While with NetMeeting you can bypass this "centrality" by invoking a point-to-point connection immediately, this is not possible in MSNMP.

    What is the nature of your proxy, local, external, etc?
     
  5. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi DAN,

    I am often running MSN Msg through chained high anonymity http Proxies or proxysocks.

    In fact, when :1863 is blocked, communication to those 2 servers is done through the HTTP port, and thus with proxies I don't leave anything about myself in their logs: I hate to give anything about myself to M$ :D

    Tnx for your concern,
     
  6. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey Jack,

    I've never used an outside proxy before so I am unsure on what the appearance would be in netstat/fport/PE/etc for this setup. Certainly packets will be reaching MS:1863 from you (via whatever amount of proxies) but it should appear in a manner consistent with your accessing MS:80 when on their knowledgebase. If whatever you are using to show the connection appears to show a more direct response than you are accustomed to seeing in other applications then I think you have something to worry about.

    I think the only way to be *entirely* sure of whether or not traffic is going direct to/from MS is to put a sniffer between your PC and the net.
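
A lighter first check than a sniffer, as an added example that is not part of the original post: classify the established TCP rows of `netstat -an` output into direct port-1863 connections and connections to the configured proxy. The sample output, the documentation-range addresses and the proxy endpoint `198.51.100.7:8080` are constructed assumptions; netstat only shows the first hop, so a proxied session appears as a connection to the proxy and nothing else.

```python
import re

# Constructed sample in the layout of Windows `netstat -an` output.
# Addresses come from documentation ranges, not real Messenger servers.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1045      203.0.113.20:1863      ESTABLISHED
  TCP    192.168.1.10:1046      198.51.100.7:8080      ESTABLISHED
  TCP    192.168.1.10:1047      203.0.113.21:80        TIME_WAIT
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    192.168.1.10:137       *:*
"""

MSNP_PORT = 1863
# One TCP row: protocol, local addr:port, foreign addr:port, state.
TCP_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse_tcp(netstat_text):
    """Yield (local, lport, remote, rport, state) for each TCP row."""
    for line in netstat_text.splitlines():
        m = TCP_ROW.match(line)
        if m:
            local, lport, remote, rport, state = m.groups()
            yield local, int(lport), remote, int(rport), state


def classify(netstat_text, proxies):
    """Sort established connections into direct MSNP, proxied and other.

    proxies: set of (ip, port) pairs the user configured as HTTP/SOCKS
    proxy (hypothetical values, supplied by the caller).
    """
    result = {"direct_msnp": [], "via_proxy": [], "other": []}
    for _, _, remote, rport, state in parse_tcp(netstat_text):
        if state != "ESTABLISHED":
            continue  # listeners and closing sockets carry no session
        if (remote, rport) in proxies:
            result["via_proxy"].append((remote, rport))
        elif rport == MSNP_PORT:
            result["direct_msnp"].append((remote, rport))
        else:
            result["other"].append((remote, rport))
    return result


if __name__ == "__main__":
    report = classify(SAMPLE_NETSTAT, {("198.51.100.7", 8080)})
    for kind, conns in report.items():
        print(kind, conns)
```

Any entry under `direct_msnp` means the client reached port 1863 without going through the proxy, which is the case the post says to worry about.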
     
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi Dan,

    Port 1863 real function of this protocol is exactly what it says - MSN Messenger data and control protocol - SSL channel with HTTP-like traffic containing among other things status information (idle/logged in/typing a message etc.), and the authentication is sent encrypted (but not the transferred data without a third-party app, Trillian, on both correspondents' machines).
    When blocked AND using a high anonymity or proxysocks, you of course connect OUT to the servers but your personal IP is not logged, only the proxy.

    No document in M$ DB about it.

    Cheers,
     