On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
I share the author’s nostalgia for Telnet, as a kid who spent many lost hours trying to telnet into “interesting things” at the dawn of the internet. It is, however, long past time for the protocol to die and force ancient and insecure things to be retired. Thus might just do it.
But telnet is just a bidirectional TCP connection. You can run any terminal emulation you want over it, and run it on any port you want.
The telnetd service on the other hand… that has no reason to still be internet-facing.
Good point. I was referring more to telnetd as an unencrypted client-server protocol, typically to port 23. Often unauthenticated, ripe for MITM attacks.
That needs to end.
I used to debug POP3 issues by going through sessions one line at a time via telnet. Occasionally HTTP sessions too.
I used to send messages by hand over SMTP using a telnet client.
Any reason to pick that over netcat though?
These days, not really, except that netcat has wider capabilities and so often triggers security alarms when used.
I remember using telnet on a Palm Pilot, linked to the internet via IRDA to my (pre-smart) cell phone to log into my companies’ server to fix something while I was on holidays.
Similar memories here. The first time I went on IRC using a Palm Pilot connected to a Ricochet modem, while in a moving vehicle (not driving!) felt like magic.
For me, it was not while moving, but while sitting on the beach.
The exploitation of this issue is so ridiculously trivial, I’m shocked it took 11 years to discover
It’s an interesting write up… I’m a bit surprised there are/were that many internet facing telnetd instances online. Maybe it’s just the sheer amount of ancient routers & such that were deployed with telnet enabled by default and are still plugged in and running to this day.
