On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
It’s an interesting write up… I’m a bit surprised there are/were that many internet facing telnetd instances online. Maybe it’s just the sheer amount of ancient routers & such that were deployed with telnet enabled by default and are still plugged in and running to this day.
I share the author’s nostalgia for Telnet, as a kid who spent many lost hours trying to telnet into “interesting things” at the dawn of the internet. It is, however, long past time for the protocol to die and force ancient and insecure things to be retired. Thus might just do it.
But telnet is just a bidirectional TCP connection. You can run any terminal emulation you want over it, and run it on any port you want.
The telnetd service on the other hand… that has no reason to still be internet-facing.
I used to debug POP3 issues by going through sessions one line at a time via telnet. Occasionally HTTP sessions too.
Good point. I was referring more to telnetd as an unencrypted client-server protocol, typically to port 23. Often unauthenticated, ripe for MITM attacks.
That needs to end.
Hopefully nobody uses it for actual remote system access anymore, but it’s still a great protocol (well… “great” with some caveats) for things like MUDs and BBSes and other toys. I’m pretty sure you can even use it for IRC or IMAP or HTTP if you know what you’re doing. Is it secure? Of course not. That’s why we use modern protocols using SSL or TLS when we need security. But we don’t always need security.
Sure, telnet is not secure. But neither is, say, Minecraft. Because it’s a game. It’s not that important and in some ways it’s actually frustrating. There are pros and cons. It sucks if people are cheating or you get griefed or you get your account hacked or some other shit hacked, oh well, it’s a game, all you need to do is go outside and touch some grass about it. Not everything in life needs to be bank-vault secure. Sometimes it’s fun to just play around with raw text that doesn’t have ironclad security rules and certificates and key renegotiation guardrails built around it. Just go spew some text at some other protocol and see what it says. It’s fun and educational. I love telnet.
Telnet is still a quick and easy way to check if a certain port on a machine is listening.
But that’s not what it was made for, of course. It’s real meaning has gone down long ago.
Can do
ncnow which is more flexible for connectivity tests.
The exploitation of this issue is so ridiculously trivial, I’m shocked it took 11 years to discover
To be fair, Telnet was already mostly dead in 2015.
Bad news on the backbone
I couldn’t scan a single ASNI’m trying to figure out what pronunciation or accent the author uses to have this rhyme. A heavy South African accent, so backbone is more like “berckben”? Pronouncing ASN as “a-sone”?
