1. dequis.org
2. projects
3. msn
4. servers

MOVE ALONG NOTHING TO SEE HERE

All new docs are being written in the github msndevs wiki

The old contents are left here for historical reference

old contents

Just for fun, I decided to poke around with the layout of the MSN servers. Here's my notes.

Main entry points (all equivalent addresses, AFAIK. some CNAME to each other)

• messenger.hotmail.com
• messenger.hotmail.geo.msnmessenger.msn.com.akadns.net
• gateway.messenger.hotmail.com
• geo.gateway.messenger.live.com
• gw.msnmessenger.akadns.net
• gateway.messenger.hotmail.geo.msnmessenger.msn.com.akadns.net

Regions:

• bn1.gateway.messenger.hotmail.msnmessenger.msn.com.akadns.net
• bay.gateway.messenger.hotmail.msnmessenger.msn.com.akadns.net
• db3.gateway.messenger.hotmail.msnmessenger.msn.com.akadns.net
• sn1.gateway.messenger.hotmail.msnmessenger.msn.com.akadns.net

Each region points to one or two IPs (for example, in bn1, 157.56.106.209 and 157.56.108.81). These IPs actually seem to proxy internally to other servers.

Each server has ports 80, 443 and 1863 open (at the time of this writing, the ones in the bay region have closed 1863)

Doing an http request to those servers gets you a header like X-MSNSERVER: BN1MSGR2011001. They all seem to be in the format <region>MSGR<number>, the number looking a bit like a year followed by three numbers. This header isn't MSNP specific, I think I've seen it in other unrelated requests to microsoft services.

These are hostnames which can be resolved into IPs with BN1MSGR2011001.gateway.messenger.live.com, and those IPs lead to possibly internal-ish servers (134.170.24.86 in this case), so it's probably proxying.

Some random checking of the IPs from bay (through 64.4.45.209) showed that they are all in 64.4.46.0/24. Even though 64.4.45.209 does not have port 1863 open ATM, some of the IPs it proxies to do have it. 30 of those IPs have 1863 open, and 7 of those have it open but close the connection shortly after sending VER 1 MSNP18 (log)

Other logs:

• nmap -p 1863,443 -v -A 64.4.45.0/24 (IP range used in bay, none of the 1863 ports are open, commonName fields are interesting)
• nmap -p 1863,443 -v -A 157.56.108.0/24 (IP range used in bn1, one server with 1863 open, 157.56.108.81)

Aside from 443, most (if not all) of these servers work as HTTP(S) gateways, with http requests to /gateway/gateway.dll. These work in port 80 unless the parameter Protocol=mtp is passed (for msnp24), in which case the server returns 400 bad request (log)

This microsoft support KB page includes information about other potentially related servers: Network ports and URLs that are used by Windows Live Messenger