We observed a 65% drop in global telnet traffic in a single hour on Jan 14, settling into a sustained 59% reduction. 18 ASNs went silent, 5 countries disappeared, but cloud providers were unaffected.
Our analysis of 51.2M sessions points to backbone-level port 23 filtering by a North American Tier 1 transit provider.
🔗 https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
RE: https://infosec.exchange/@greynoise/116048274219221618
Unsung heroes.
3/5 of telnet traffic (100% INSECURE, with the dominant implementation having a trivial zero-day remote root login bug) was stopped by one transit provider saying “unrestricted Internet my ass, this garbage is not welcome!”
How many systems were saved?