Sudden Telnet Traffic Drop. Are Telcos Filtering Ports to Block Critical Vulnerability?
Slashdot
by EditorDavidFebruary 14, 2026
AI-Generated Deep Dive Summary
A sudden and significant drop in global Telnet traffic has raised questions about whether telecommunications companies took preemptive action to block a critical vulnerability before its public disclosure. On January 14, just six days before the CVE-2026-24061 vulnerability was announced, Telnet sessions plummeted by 65% within one hour and 83% within two hours. This sharp decline—reaching a 59% drop in daily traffic by January 20—is unprecedented and suggests a deliberate effort by network operators to filter port 23, the standard Telnet port.
GreyNoise Intelligence points to evidence that this rapid decrease was not due to natural fluctuations or scanner behavior but rather a coordinated response. Data shows major telecom providers, including BT, Cox Communications, and Vultr, saw their Telnet traffic drop to zero by January 15. The timing and scale of the reduction suggest that one or more Tier 1 transit providers in North America implemented port filtering, likely after receiving early warnings about the vulnerability from vendors or researchers.
The CVE-2026-24061 flaw, a decade-old bug in GNU InetUtils telnetd with a CVSS score of 9.8, allows attackers to gain trivial root access. This makes it one of the most severe vulnerabilities ever disclosed. The fact that traffic dropped so sharply within such a short timeframe supports the theory that infrastructure operators acted proactively to block exploitation before official advisories were issued.
While this move could be seen as a
Verticals
tech
Originally published on Slashdot on 2/14/2026