On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering
We had a transmitter on our building for satalite backhaul. I used to have fun using it to telnet into various stuff in orbit.
You’d be surprise at how many times they didn’t even bother with credentials.
Indeed, it’s amazing how much stuff was / is out there in the open.
Hobbyist use of unencrypted protocols like telnet can be very educational, and the other commenter is right that not everything needs to be encrypted, especially within the confines of a homelab, for instance.
My support for ending telnet use is much more about things like IoT systems, industrial hardware and so on talking in the clear and being vulnerable to compromise.
This isn’t about telnet, per se, but is a good example of the problem: https://news.satnews.com/2026/02/04/russia-intercepts-europes-key-satellites-placing-nato-satellite-at-risk/