"Global Telnet traffic "fell off a cliff" on January 14, six days before security advisories for CVE-2026-24061 went public on January 20. The flaw, a decade-old bug in GNU InetUtils telnetd with a 9.8 CVSS score, allows trivial root access exploitation. GreyNoise data shows Telnet sessions dropped 65 percent within one hour on January 14, then 83 percent within two hours."
""That kind of step function - propagating within a single hour window - reads as a configuration change on routing infrastructure, not behavioral drift in scanning populations," said GreyNoise's Bob Rudis and "Orbie," in a recent blog. The researchers unverified theory is that infrastructure operators may have received information about the make-me-root flaw before advisories went to the masses. "A backbone or transit provider - possibly responding to a coordinated request, possibly acting on their own assessment- implemented port 23 filtering on transit links."
Global Telnet traffic dropped sharply on January 14, six days before public advisories for CVE-2026-24061. The flaw is a decade-old GNU InetUtils telnetd bug with a 9.8 CVSS score that permits trivial root access. GreyNoise observed Telnet sessions drop 65 percent within one hour and 83 percent within two hours, with daily sessions falling from about 914,000 to roughly 373,000, a 59 percent decrease that persists. An unverified theory attributes the change to one or more backbone or transit providers implementing port 23 filtering on transit links. Eighteen operators fell from hundreds of thousands of sessions to zero; major cloud providers were mostly unaffected, with AWS increasing 78 percent, consistent with private peering bypassing transit backbones. The pattern points to Tier 1 transit filtering in North America.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]