With the trend away from running telnetd and FTPD and toward running SSHD, many system administrators are removing the “telnet” and “FTP” service lines from the >system>stcp>services file.
#Name          port           Service Alias
#
ftpdata        20/tcp
ftp            21/tcp         ftpd
telnet         23/tcp         telnetd
smtp           25/tcp
bootps         67/udp         bootpd
bootpc         68/udp         bootp
. . . . . .
Figure 1 – telnet and FTP entries in the >system>stcp>services file
This will cause problems if you still need to run the telnet and/or FTP clients to communicate with other hosts.
telnet 172.16.1.34
telnet: tcp/telnet: unknown service
ready 09:30:15
ftp 172.16.1.34
ftp: ftp/tcp: unknown service
ready 09:30:26
Figure 2 – telnet and FTP client errors caused by missing services entries
The reason is that the telnet and FTP clients use the getservbyname function to determine what port number they should connect to. This function reads the services file, and if the service names “telnet” and/or “ftp” are not in that file, the function does not return a port number and the clients terminate.
The telnet client allows you to bypass this function call by providing a port number on the command line.
telnet 172.16.1.34 23
Trying...
Connected to 172.16.1.23.
Escape character is '^]'.
login:
Figure 3 – providing the telnet client with a port number
The FTP client does not have this option.
The services file is just a flat-file database mapping service names to port numbers and protocols. Removing the “telnet” and “ftp” lines does not effectively increase the security level of the module, since having these lines in the file does not mean that these services will automatically be run. Unless you are sure that none of your users will ever need to use the telnet and FTP clients, you should leave the entries in the services file.
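The lookup behaviour described above, as an added example that is not code from the original article or from the system itself: lookup_service is a simplified, hypothetical stand-in for getservbyname, run over constructed services text in the Figure 1 format, and resolve_port (also hypothetical) models a client that accepts an explicit port number. It shows that removing the lines only breaks name resolution for clients; nothing in the file controls whether a daemon is running.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples in the Figure 1 format: before and after the removal. */
static const char SERVICES_FULL[] =
    "#Name  port  Service Alias\n#\nftpdata 20/tcp\nftp 21/tcp ftpd\n"
    "telnet 23/tcp telnetd\nsmtp 25/tcp\nbootps 67/udp bootpd\n";
static const char SERVICES_STRIPPED[] =
    "#Name  port  Service Alias\n#\nftpdata 20/tcp\n"
    "smtp 25/tcp\nbootps 67/udp bootpd\n";

/* Hypothetical helper: find name (or an alias) for proto in services text.
   Returns the port, or -1 when no entry matches ("unknown service"). */
int lookup_service(const char *text, const char *name, const char *proto)
{
    while (*text) {
        char line[256], svc[64], pp[64], alias[64];
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        text += len + (text[len] == '\n');        /* advance to next line */
        line[strcspn(line, "#")] = '\0';          /* strip comments */
        int off = 0, used = 0;
        if (sscanf(line, "%63s %63s%n", svc, pp, &off) != 2) continue;
        char *slash = strchr(pp, '/');
        if (!slash || strcmp(slash + 1, proto) != 0) continue;
        int match = strcmp(svc, name) == 0;
        for (const char *p = line + off;
             !match && sscanf(p, "%63s%n", alias, &used) == 1; p += used)
            match = strcmp(alias, name) == 0;     /* check each alias */
        if (match) return atoi(pp);               /* atoi stops at '/' */
    }
    return -1;
}

/* An explicit port argument bypasses the lookup, as with "telnet host 23";
   a client without that option depends entirely on the services entry. */
int resolve_port(const char *text, const char *service, const char *port_arg)
{
    return port_arg ? atoi(port_arg) : lookup_service(text, service, "tcp");
}

int main(void)
{
    printf("full: %d, stripped: %d, stripped with port argument: %d\n",
           lookup_service(SERVICES_FULL, "telnet", "tcp"),
           resolve_port(SERVICES_STRIPPED, "telnet", NULL),
           resolve_port(SERVICES_STRIPPED, "telnet", "23"));
    return 0;
}
```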