On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
I share the author’s nostalgia for Telnet, as a kid who spent many lost hours trying to telnet into “interesting things” at the dawn of the internet. It is, however, long past time for the protocol to die and force ancient and insecure things to be retired. Thus might just do it.
I remember using telnet on a Palm Pilot, linked to the internet via IRDA to my (pre-smart) cell phone to log into my companies’ server to fix something while I was on holidays.
I share the author’s nostalgia for Telnet, as a kid who spent many lost hours trying to telnet into “interesting things” at the dawn of the internet.
We had a transmitter on our building for satalite backhaul. I used to have fun using it to telnet into various stuff in orbit.
You’d be surprise at how many times they didn’t even bother with credentials.
Indeed, it’s amazing how much stuff was / is out there in the open.
Hobbyist use of unencrypted protocols like telnet can be very educational, and the other commenter is right that not everything needs to be encrypted, especially within the confines of a homelab, for instance.
My support for ending telnet use is much more about things like IoT systems, industrial hardware and so on talking in the clear and being vulnerable to compromise.
This isn’t about telnet, per se, but is a good example of the problem: https://news.satnews.com/2026/02/04/russia-intercepts-europes-key-satellites-placing-nato-satellite-at-risk/
But telnet is just a bidirectional TCP connection. You can run any terminal emulation you want over it, and run it on any port you want.
The telnetd service on the other hand… that has no reason to still be internet-facing.
Good point. I was referring more to telnetd as an unencrypted client-server protocol, typically to port 23. Often unauthenticated, ripe for MITM attacks.
That needs to end.
Hopefully nobody uses it for actual remote system access anymore, but it’s still a great protocol (well… “great” with some caveats) for things like MUDs and BBSes and other toys. I’m pretty sure you can even use it for IRC or IMAP or HTTP if you know what you’re doing. Is it secure? Of course not. That’s why we use modern protocols using SSL or TLS when we need security. But we don’t always need security.
Sure, telnet is not secure. But neither is, say, Minecraft. Because it’s a game. It’s not that important and in some ways it’s actually frustrating. There are pros and cons. It sucks if people are cheating or you get griefed or you get your account hacked or some other shit hacked, oh well, it’s a game, all you need to do is go outside and touch some grass about it. Not everything in life needs to be bank-vault secure. Sometimes it’s fun to just play around with raw text that doesn’t have ironclad security rules and certificates and key renegotiation guardrails built around it. Just go spew some text at some other protocol and see what it says. It’s fun and educational. I love telnet.
I used to debug POP3 issues by going through sessions one line at a time via telnet. Occasionally HTTP sessions too.
I used to send messages by hand over SMTP using a telnet client.
Any reason to pick that over netcat though?
These days, not really, except that netcat has wider capabilities and so often triggers security alarms when used.
Telnet is still a quick and easy way to check if a certain port on a machine is listening.
But that’s not what it was made for, of course. It’s real meaning has gone down long ago.
Can do
ncnow which is more flexible for connectivity tests.
It’s an interesting write up… I’m a bit surprised there are/were that many internet facing telnetd instances online. Maybe it’s just the sheer amount of ancient routers & such that were deployed with telnet enabled by default and are still plugged in and running to this day.
The exploitation of this issue is so ridiculously trivial, I’m shocked it took 11 years to discover
To be fair, Telnet was already mostly dead in 2015.
Yeah at least, it died with the rise of encryption
Bad news on the backbone
I couldn’t scan a single ASNI’m trying to figure out what pronunciation or accent the author uses to have this rhyme. A heavy South African accent, so backbone is more like “berckben”? Pronouncing ASN as “a-sone”?
