Wow: telnet traffic is now filtered in large parts of the internet

zekjur@mas.to

Wow: telnet traffic is now filtered in large parts of the internet

2026-01-14: The Day the telnet Died – GreyNoise Labs

On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

GreyNoise Labs (www.labs.greynoise.io)

giggls@karlsruhe-social.de

@zekjur There has been a time about 30 years ago, when it was possible to crash Windows 95 Machines using Telnet. I think this was called WinNuke.

smrqdt@chaos.social

@zekjur Not sure how I feel about providers deciding to filter an entire protocol/port without announcing anything (at least after the advisory was published), even though I get why they decided to do something.

But at least for me (AS3209) telnet towel.blinkenlights.nl and telnet telehack.com still work.

flancian@social.coop

@zekjur I get why this might make sense but there's something upsetting about providers filtering traffic at this scale; I don't particularly care about telnet but I don't like the idea of normalizing mass filtering for security reasons, as security concerns tend to grow to fit the shapes that states need to curb liberties over time.

jeroen@secluded.ch

@zekjur it is not black and white; majority of RIPE Atlas probes do not have that issue, might just be something in their path of view. There was a honeypot spike on 23 as per sans and jtk, but not much else. see also https://infosec.exchange/@jtk/116054665113577089

zekjur@mas.to

And an article rebutting this viewpoint: https://www.terracenetworks.com/blog/2026-02-11-telnet-routing

astro@c3d2.social

@giggls Windows didn't ship with telnet servers.

WinNuke was TCP OOB data sent to SMB ports: https://en.wikipedia.org/wiki/WinNuke