Sudden Telnet Traffic Drop. Are Telcos Filtering Ports to Block Critical Vulnerability? (theregister.com)
- Reference: 0180790808
- News link: https://tech.slashdot.org/story/26/02/14/0447228/sudden-telnet-traffic-drop-are-telcos-filtering-ports-to-block-critical-vulnerability
- Source link: https://www.theregister.com/2026/02/11/were_telcos_tipped_off_to/
> Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise. Global Telnet traffic "fell off a cliff" on January 14, six days before security advisories for CVE-2026-24061 went public on January 20. The flaw, a decade-old bug in GNU InetUtils telnetd with a 9.8 CVSS score, allows trivial root access exploitation. GreyNoise data shows Telnet sessions dropped 65 percent within one hour on January 14, then 83 percent within two hours. Daily sessions fell from an average 914,000 (December 1 to January 14) to around 373,000, equating to a 59 percent decrease that persists today.
>
> "That kind of step function — propagating within a single hour window — reads as a configuration change on routing infrastructure, not behavioral drift in scanning populations," said GreyNoise's Bob Rudis and "Orbie," in a recent blog post [2]. The researchers' unverified theory is that infrastructure operators may have received information about the make-me-root flaw [3] before advisories went to the masses...
>
> 18 operators, including BT, Cox Communications, and Vultr went from hundreds of thousands of Telnet sessions to zero by January 15... All of this points to one or more Tier 1 transit providers in North America implementing port 23 filtering. US residential ISP Telnet traffic dropped within the US maintenance window hours, and the same occurred at those relying on transatlantic or transpacific backbone routes, all while European peering was relatively unaffected, they added.
[1] https://www.theregister.com/2026/02/11/were_telcos_tipped_off_to/
[2] https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
[3] https://www.theregister.com/2026/01/22/root_telnet_bug/
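
The step-versus-drift distinction in the quoted summary can be written as a check over hourly session counts. This is an added example, not GreyNoise's method or code from the article; the function name, the thresholds and all three hourly series are constructed assumptions (the 38,000/hour baseline is roughly the summary's 914,000 daily average divided by 24, and the 35% and 17% levels mirror the reported 65 and 83 percent drops).

```python
from statistics import median

def classify_drop(hourly, baseline_hours=24, level=0.5, step_loss=0.5,
                  persist_hours=6):
    """Classify the first sustained fall below level * baseline.

    ("step", i)  - at least step_loss of the baseline vanished inside hour i
    ("drift", i) - the same level was reached gradually
    ("none", None) - counts never stay below the level for persist_hours
    """
    baseline = median(hourly[:baseline_hours])
    floor = level * baseline
    for i in range(baseline_hours, len(hourly) - persist_hours + 1):
        # Require every hour in the window to stay low, so a one-hour
        # sensor outage that recovers is not reported as a change.
        if max(hourly[i:i + persist_hours]) > floor:
            continue
        one_hour_loss = (hourly[i - 1] - hourly[i]) / baseline
        return ("step" if one_hour_loss >= step_loss else "drift", i)
    return ("none", None)

# --- constructed sample data (not real GreyNoise measurements) ---
BASE = 38_000
NORMAL = [BASE + (h % 5 - 2) * 400 for h in range(24)]   # 24 ordinary hours

# Filter applied upstream: 65% gone in the first hour, 83% by the second.
STEP = NORMAL + [BASE * 35 // 100, BASE * 17 // 100] + [BASE * 17 // 100] * 10

# Scanners slowly losing interest: 3% of baseline per hour.
DRIFT = NORMAL + [BASE * (100 - 3 * k) // 100 for k in range(1, 31)]

# Single bad hour followed by full recovery.
BLIP = NORMAL + [BASE * 35 // 100] + [BASE] * 10

if __name__ == "__main__":
    for name, series in (("step", STEP), ("drift", DRIFT), ("blip", BLIP)):
        print(name, classify_drop(series))
```

The persistence window is what separates a filtering change from a collection gap; on real data it would be tuned to the sensor's normal hourly variance.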
Telnet as in port 23? (Score:2)
Telnet, like we used to use in between fighting sabre-tooth tigers and coding in COBOL?
When we sent symmetric passwords in plaintext?
That is a zombie protocol risen from the 0xDEAD! Just kill it.
Probably a good thing (Score:2)
Don't get me wrong, I still telnet to a handful of BBSes that still use the protocol...but with SSH largely supplanting it, and few end-user facing applications using it...the odds are good that most residential telnet traffic isn't all that legitimate, so requiring that customers call to request opening of port 23, along with 80 and 443 as some ISPs do, is probably a good thing overall.
Re: (Score:2)
Yeah, those insecure protocols - telnet, ftp, rsh, rlogin, http, ... all ought to be deprecated. Long overdue.
Telnet is still used? (Score:2)
I guess some old ideas never die
Whut?? (Score:2)
It's 2026. Who on Earth still runs a Telnet server? (Other than cute little demos like mapscii.me that don't require authentication anyway.)
Re: (Score:2)
Vintage computer OSes often used telnet for network login access, some people had made vintage systems available for guest access. But beyond that no one should be using telnet for anything else these days.
Re: (Score:2)
> It's 2026. Who on Earth still runs a Telnet server? (Other than cute little demos like mapscii.me that don't require authentication anyway.)
Sure maybe you have a really legacy embedded device tucked away somewhere where it is somewhat secured and a calculated risk, but this article is talking about the open internet. That is just crazy, I had no idea.