With the trend away from running telnetd and FTPD and toward running SSHD, many system administrators are removing the “telnet” and “FTP” service lines from the >system>stcp>services file.
#Name port Service Alias
ftp 21/tcp ftpd
telnet 23/tcp telnetd
bootps 67/udp bootpd
bootpc 68/udp bootp
. . . . . .
Figure 1 – telnet and FTP entries in the >system>stcp>services file
This will cause problems if you still need to run the telnet and/or FTP clients to communicate with other hosts.
telnet: tcp/telnet: unknown service
ftp: ftp/tcp: unknown service
Figure 2 – telnet and FTP client errors caused by missing services entries
The reason is that the telnet and FTP clients use the getservbyname function to determine which port number to connect to. This function reads the services file, and if the service names “telnet” and/or “ftp” are not in that file, the function does not return a port number and the clients terminate.
The telnet client allows you to bypass this function call by providing a port number on the command line.
telnet 172.16.1.34 23
Connected to 172.16.1.23.
Escape character is '^]'.
Figure 3 – providing the telnet client with a port number
The FTP client does not have this option.
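The lookup and the numeric-port bypass described above can be reproduced in a few lines of C. This is an added example, not code from the telnet or FTP clients: lookup_service and resolve_port are hypothetical names, and the two services files are constructed samples in the Figure 1 layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: a services file with and without the two entries. */
static const char *FULL =
    "#Name port Service Alias\n"
    "ftp 21/tcp ftpd\n"
    "telnet 23/tcp telnetd\n"
    "bootps 67/udp bootpd\n";
static const char *TRIMMED =
    "#Name port Service Alias\n"
    "bootps 67/udp bootpd\n";

/* Hypothetical stand-in for getservbyname(): scan services-file text for a
   name/protocol pair and return its port, or -1 when no entry matches.
   Comment lines never match because they do not parse as name port/proto. */
int lookup_service(const char *text, const char *name, const char *proto)
{
    char line[128], svc[64], pr[16];
    int port;
    while (*text) {
        size_t n = strcspn(text, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, text, c);
        line[c] = '\0';
        text += n + (text[n] == '\n');
        if (sscanf(line, "%63s %d/%15s", svc, &port, pr) == 3 &&
            strcmp(svc, name) == 0 && strcmp(pr, proto) == 0)
            return port;
    }
    return -1;
}

/* Hypothetical client logic: a numeric argument skips the lookup entirely. */
int resolve_port(const char *text, const char *arg, const char *proto)
{
    char *end;
    long p = strtol(arg, &end, 10);
    if (*arg && *end == '\0' && p > 0 && p < 65536) return (int)p;
    return lookup_service(text, arg, proto);
}

int main(void)
{
    printf("telnet, trimmed: %d\n", resolve_port(TRIMMED, "telnet", "tcp"));
    printf("23, trimmed:     %d\n", resolve_port(TRIMMED, "23", "tcp"));
}
```

A result of -1 corresponds to the "unknown service" errors in Figure 2; nothing in the lookup starts, stops or blocks a listener on the port.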
The services file is just a flat-file database mapping service names to port numbers and protocols. Removing the “telnet” and “ftp” lines does not effectively increase the security level of the module, since having these lines in the file does not mean that these services will automatically be run. Unless you are sure that none of your users will ever need to use the telnet and FTP clients, you should leave the entries in the services file.