On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
Good point. I was referring more to telnetd as an unencrypted client-server protocol, typically to port 23. Often unauthenticated, ripe for MITM attacks.
That needs to end.
Hopefully nobody uses it for actual remote system access anymore, but it’s still a great protocol (well… “great” with some caveats) for things like MUDs and BBSes and other toys. I’m pretty sure you can even use it for IRC or IMAP or HTTP if you know what you’re doing. Is it secure? Of course not. That’s why we use modern protocols using SSL or TLS when we need security. But we don’t always need security.
Sure, telnet is not secure. But neither is, say, Minecraft. Because it’s a game. It’s not that important and in some ways it’s actually frustrating. There are pros and cons. It sucks if people are cheating or you get griefed or you get your account hacked or some other shit hacked, oh well, it’s a game, all you need to do is go outside and touch some grass about it. Not everything in life needs to be bank-vault secure. Sometimes it’s fun to just play around with raw text that doesn’t have ironclad security rules and certificates and key renegotiation guardrails built around it. Just go spew some text at some other protocol and see what it says. It’s fun and educational. I love telnet.