Waldo JaquithI'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
Don't miss this explanation of how backbone providers coordinated on this telnetd exploit in advance of the CVE release, and simply blocked port 23 traffic. https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
2026-01-14: The Day the telnet Died – GreyNoise Labs
On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
John Kristoff@waldoj I'm not aware of any backbone provider coordination. That rarely happens for blocking anything - and probably the only time I can even recall there was such a widely coordinated port block was with Slammer over 20 years ago.
Another viewpoint here: https://www.terracenetworks.com/blog/2026-02-11-telnet-routing
Reports of Telnet’s Death Have Been Greatly Exaggerated — Terrace Networks
We see no evidence that specific core network autonomous systems have blocked Telnet, contrary to previous reports. We specifically see continued non-spoofable Telnet traffic from networks on which GreyNoise saw 100% drop-off. We suspect initial results may have been measurement artifacts or specifi
@jtk Interesting!