February 10, 2026
Press F for Port 23
The Day the Telnet Died
RIP Port 23: admins cheer, MUD fans panic, and 'AI slop' drama erupts
TLDR: Telnet traffic on the public internet suddenly collapsed, likely because big U.S. networks started blocking its default port. Commenters are split: security folks say “about time,” nostalgics say it still works in some places, gamers worry about MUDs, and one voice roasted the post as “AI slop,” fueling extra drama.
On January 14, the internet basically pulled the plug on Telnet, the old-school login tool that sends passwords in plain text. Observers at GreyNoise watched traffic on Telnet’s default port 23 fall off a cliff—down 65% in one hour, then 83%, and it stayed low. The hot theory? Big U.S. internet backbones quietly started blocking Telnet. Days later, a new security bug dropped and CISA put it on the naughty list, and the comment section went nuclear.
In the replies, the split is fierce. Pragmatists shrugged—“Good riddance,” basically—arguing Telnet is a security dumpster fire and this was long overdue. But nostalgia and confusion crashed the party: one user flexed that “telnet SDF.org just works…”, another insisted they still use Telnet inside company networks, and a gamer asked if beloved text-based games (MUDs) are safe if they don’t use port 23. Translation: some traffic may still work, especially on other ports or inside private networks.
Then came the drama: a blunt takedown calling the post “AI slop” lit the fuse, sparking a meta-debate about the article’s strange, sing-song style. Meanwhile, memes poured in: “Press F for Port 23,” “Mirai can’t sit with us,” and “Goodnight, sweet prince.” Telnet might not be fully dead, but the vibes? Very terminal.
Key Points
- •GreyNoise observed a step-function collapse in global Telnet (port 23) traffic starting January 14, 2026, 21:00 UTC, dropping 65% in one hour and 83% within two hours.
- •The new Telnet traffic level stabilized at ~373,000 sessions/day (59% below baseline) through February 10, indicating a sustained change.
- •Eighteen ASNs with >50K pre-drop sessions went to zero; five countries (Zimbabwe, Ukraine, Canada, Poland, Egypt) vanished from GreyNoise Telnet data.
- •Cloud providers (AWS +78%, Contabo +90%, DigitalOcean +3%) were largely unaffected, while U.S. residential ISPs and Verizon/UUNET (AS701 -79%) saw major declines.
- •The pattern suggests North American Tier 1 transit providers implemented port 23 filtering; this preceded the CVE-2026-24061 advisory (Jan 20) and CISA KEV listing (Jan 26).