On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
It’s an interesting write up… I’m a bit surprised there are/were that many internet facing telnetd instances online. Maybe it’s just the sheer amount of ancient routers & such that were deployed with telnet enabled by default and are still plugged in and running to this day.