On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
I share the author’s nostalgia for Telnet, as a kid who spent many lost hours trying to telnet into “interesting things” at the dawn of the internet. It is, however, long past time for the protocol to die and force ancient and insecure things to be retired. Thus might just do it.
But telnet is just a bidirectional TCP connection. You can run any terminal emulation you want over it, and run it on any port you want.
The telnetd service on the other hand… that has no reason to still be internet-facing.
I used to debug POP3 issues by going through sessions one line at a time via telnet. Occasionally HTTP sessions too.
Good point. I was referring more to telnetd as an unencrypted client-server protocol, typically to port 23. Often unauthenticated, ripe for MITM attacks.
That needs to end.
Hopefully nobody uses it for actual remote system access anymore, but it’s still a great protocol (well… “great” with some caveats) for things like MUDs and BBSes and other toys. I’m pretty sure you can even use it for IRC or IMAP or HTTP if you know what you’re doing. Is it secure? Of course not. That’s why we use modern protocols using SSL or TLS when we need security. But we don’t always need security.
Sure, telnet is not secure. But neither is, say, Minecraft. Because it’s a game. It’s not that important and in some ways it’s actually frustrating. There are pros and cons. It sucks if people are cheating or you get griefed or you get your account hacked or some other shit hacked, oh well, it’s a game, all you need to do is go outside and touch some grass about it. Not everything in life needs to be bank-vault secure. Sometimes it’s fun to just play around with raw text that doesn’t have ironclad security rules and certificates and key renegotiation guardrails built around it. Just go spew some text at some other protocol and see what it says. It’s fun and educational. I love telnet.