Some of the little-used TCP/IP services

uucp        Unix to Unix Copy: normally not used on the Internet
finger      Just provides information useful in guessing passwords
tftp        Mostly required just for serving X terminal server code
comsat      Email delivery notification service
talk        I liked it better the first time, when it was called "a telephone"
ntalk       Ditto
bootp       Serves IP addresses for clients (DHCP a better solution?)
time        System time (Cheswick & Bellovin say no problem)
daytime     Human readable form of system time
echo        Is machine alive? (like "ping" command)
discard     Network version of /dev/null
chargen     Character stream generator (great fun when combined w/IP spoofing)
ypupdated   If you don't use NIS, get rid of this
systat      Just lets people see what you're doing on your machine
netstat     Same thing as systat
rpc.rstatd  RPC status information used by perfmon
rusersd     Who's logged on?
sprayd      Used for testing, mostly
walld       Lets remote users mess up local users' screens
rpc.rwalld  RPC version
rexd        Not very secure remote execution facility

How do I disable them?

Comment the entries out in the /etc/inetd.conf file...

# @(#)inetd.conf        4.1.1.4 (ULTRIX)        4/19/88
# Internet server configuration database
#
#echo     stream  tcp     nowait  /etc/miscd      echod
#echo     dgram   udp     wait    /etc/miscd      echod
#discard  stream  tcp     nowait  /etc/miscd      sinkd
#discard  dgram   udp     wait    /etc/miscd      sinkd
#systat   stream  tcp     nowait  /etc/miscd      systatd
#systat   dgram   udp     wait    /etc/miscd      systatd
#daytime  stream  tcp     nowait  /etc/miscd      daytimed
#daytime  dgram   udp     wait    /etc/miscd      daytimed
#quote    stream  tcp     nowait  /etc/miscd      quoted
#quote    dgram   udp     wait    /etc/miscd      quoted
#chargen  stream  tcp     nowait  /etc/miscd      chargend
#chargen  dgram   udp     wait    /etc/miscd      chargend
ftp       stream  tcp     nowait  /etc/tcpd       /usr/etc/ftpd
#finger   stream  tcp     nowait  /etc/tcpd       fingerd
telnet    stream  tcp     nowait  /etc/tcpd       telnetd
time      stream  tcp     nowait  /etc/tcpd       timed
time      dgram   udp     wait    /etc/miscd      timed
# Run tftpd standalone
#tftp     dgram   udp     nowait  /usr/etc/tftpd  tftpd -r /usr/local/tftp_dir
exec      stream  tcp     nowait  /etc/tcpd       rexecd
login     stream  tcp     nowait  /etc/tcpd       rlogind
shell     stream  tcp     nowait  /etc/tcpd       rshd
  .
  .
  .
...then send a SIGHUP signal to the inetd process. (See the R870 course notes for more details.)
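
The audit-and-comment-out step above, as an added example that is not part of the original notes: it reports which little-used services are still enabled in an inetd.conf-style file and writes a copy with them commented out. The function names, the temporary file path and the sample file are constructed for illustration; the service list is narrowed to the non-RPC names from the table, with "time" left enabled as in the sample file above.

```shell
#!/bin/sh
# Added example: find and disable little-used services in an inetd.conf-style file.
# Names come from the table above; the names in your own inetd.conf may differ.
LITTLE_USED="uucp finger tftp comsat talk ntalk bootp daytime echo discard chargen systat netstat"

# awk setup shared by both functions: load the list into a lookup table.
AWK_INIT='BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }'

# Print "service/proto" for each enabled (uncommented) entry on the list.
enabled_little_used() {
    awk -v list="$LITTLE_USED" "$AWK_INIT"'
        $1 ~ /^#/ || NF < 5 { next }
        ($1 in want) { print $1 "/" $3 }' "$1"
}

# Print the file with those entries commented out; all other lines unchanged.
disable_little_used() {
    awk -v list="$LITTLE_USED" "$AWK_INIT"'
        $1 !~ /^#/ && NF >= 5 && ($1 in want) { print "#" $0; next }
        { print }' "$1"
}

# Constructed sample input (not a real system's file).
SAMPLE=${TMPDIR:-/tmp}/inetd.conf.sample.$$
trap 'rm -f "$SAMPLE" "$SAMPLE.new"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample
echo      stream  tcp     nowait  /etc/miscd      echod
#discard  stream  tcp     nowait  /etc/miscd      sinkd
chargen   dgram   udp     wait    /etc/miscd      chargend
finger    stream  tcp     nowait  /etc/tcpd       fingerd
telnet    stream  tcp     nowait  /etc/tcpd       telnetd
time      stream  tcp     nowait  /etc/tcpd       timed
EOF

echo "Enabled little-used services:"
enabled_little_used "$SAMPLE"
disable_little_used "$SAMPLE" > "$SAMPLE.new"
echo "Still enabled after edit: $(enabled_little_used "$SAMPLE.new" | wc -l)"
# On a real host: review the new file, install it as /etc/inetd.conf,
# then send SIGHUP to the inetd process so it rereads the configuration.
```
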

Also consider using the tcpd, or "TCP wrappers" program, for putting access controls and logging on those services you do wish to run.

Another tool is RIIS (Replacement for Internal Internet Services). [Here is the RIIS README file.]


Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Wed Jun 19 09:56:12 1996