On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
But telnet is just a bidirectional TCP connection. You can run any terminal emulation you want over it, and run it on any port you want.
The telnetd service on the other hand… that has no reason to still be internet-facing.
Good point. I was referring more to telnetd as an unencrypted client-server protocol, typically to port 23. Often unauthenticated, ripe for MITM attacks.
That needs to end.
I used to debug POP3 issues by going through sessions one line at a time via telnet. Occasionally HTTP sessions too.
I used to send messages by hand over SMTP using a telnet client.
Any reason to pick that over netcat though?
These days, not really, except that netcat has wider capabilities and so often triggers security alarms when used.