alt.hn

2/11/2026 at 8:20:48 PM

Reports of Telnet's death have been greatly exaggerated

 https://www.terracenetworks.com/blog/2026-02-11-telnet-routing

by ericpauley

2/12/2026 at 4:51:56 AM

I first used telnet in the 1990s to connect and play a text-based MUD.

Back then we had large monitors with black background and green text font; for most people black background and white text was probably more common, but I remember having played that MUD for some weeks on such a setup (on a campus site, so these computers were used by students; we only had access to the campus on the weekend as the main guy's father in our group worked at that university).

It actually was fun to use telnet like that and play the MUD, even if inconvenient. Of course our group soon switched to MUD clients that were more convenient to use, so using telnet became super-rare. I only used telnet a few more times after that. About three times again playing lateron when I had no internet connection, and for a few other things too, unrelated to MUDs, e. g. testing websites and similar activities.

For connections, I kind of use ssh much more frequently so, even on windows via the tabby terminal. It is not as convenient on Linux (there I tend to prefer KDE konsole) but it works fairly well.

I have not used telnet in quite some years now, but I still remember fondly to having typed commands to search for herbs in a meadow on that MUD (well, room designated was meadows and you could find herbs which would replenish over time, so you could search, sell and so forth; I have not played any MUDs since decades but it was fun in the 1990s era).

Telnet will probably never die since it is so simple, but I think it is also not quite as important as it was, say, in the 1990s or so. Would be interesting for statistics that could measure this more objectively.

by shevy-java

2/12/2026 at 5:03:44 AM

Were your MUDs on port 23? <runs and hides>

For Tiny* servers, "raw telnet" was considered a ghetto experience. The worst part was that the asynchronous output would just stream in whether or not you were done typing, and you'd invariably lose track of what your input line looked like. So the primary task of a TinyMUD client was to separate them. Some used a "split screen", and some just kept refreshing the input line as new output was displayed.

None of our MUDs ever appeared on port 23 and none of our servers ever spoke "The TELNET Protocol" as found in RFC 854. Telnet was simply the bundled TCP client that you could use for anything.

The other cool features for a MUD client was using macros to perform repeated tasks or say interesting things, and /hilite and /gag were indispensable. /gag silenced/muted a player or a pattern-match of your choice, and so to play with "raw telnet" was to unblock all your /gagged players and let them get under your skin again. A fate truly worse than death (well you got paid "insurance" for dying, so many people enjoyed the experience.)

Also popular in Tiny* clients was cursor line-editing and a command history. One client developer was sort of a troll, and so when he forked "tinywar" it began to feature some automation that could permit a player to make a real nuisance of themselves. But he was also a great programmer, and not all tinywar users were trolls, so it got put to good use.

Ultimately, Explorer_Bob wrote TinyFugue, and Ken Keys "Hawkeye" took over development, pushing it into amazing heights on a level with MUSH programming, and TinyFugue basically became the gold standard client for Unix and was also ported to Win32, and ultimately abandoned in an extremely stable state. I went to school with Ken. Miss you, man!

by RupertSalt

2/12/2026 at 4:52:22 PM

I think all the TinyMUDs I used (CMU and whatever the one in OK was), listened on nonstandard ports.

I had to use a VMS system which had different telnet behavior (staircasing due to CR/LF mismatch) and originally used a locally developed client (TINT mentioned here https://www.linnaean.org/~lpb/muddex/clients.html) then learned C to write a subsequent client (DINK) which supported macros and "portals"- an early way to transit across different MUDs. A few years ago I learned that DINK was forked and improved- my early C code was awfully bad. It's still bad, but it was awfully bad then.

The one funny bit is that I copied TINT's exit command (Control-Y) instead of using /quit which led to several years of email complaints form folks who couldn't exit the mud (in those days, you usually just had one terminal connection, and if you couldn't exit a program, you had to forcibly disconnect the modem).

by dekhn

2/12/2026 at 6:30:39 AM

> room designated was meadows and you could find herbs which would replenish over time

I'm sure several MUDs did this, but, this sounds an awful lot like my home MUD of Achaea, which started in ~1997, still exists (healthily!), and has this exact system :)

by Twisol

2/12/2026 at 4:59:19 AM

Surprisingly measuring legitimate Telnet usage may be even harder than measuring attacks! Getting representative metrics of benign src-dst endpoint pairs while controlling neither approaches impossibility, especially since at global scale it’d be mixed with (I suspect) orders of magnitude more attack traffic. Best you could probably do is measure on a clean-ish ISP like a university network.

by ericpauley

2/12/2026 at 6:01:56 AM

The last time I used Telnet was back in the late 80s for mostly CS class pranking, to remotely launch 50+ Xeyes Xwindows widgets on my class mate's Sun Workstation screens through a timed bash script. Watching them freak out as dozens of eyeballs suddenly appeared, while acting all innocent.

by jnaina

2/12/2026 at 5:47:19 AM

The only time I use telnet is when I'm building something with the socket API and want to make sure I did the setup/connection handover correctly so I make a quick echo server and connect over telnet just to confirm its working.

by pests

2/12/2026 at 2:33:53 PM

The last time I used telnet was... today actually, to debug our memcached cluster :-D

OK to be fair it might not be THE telnet protocol but still.

by foobarian

2/13/2026 at 5:17:15 PM

In my opinion just like IPv4, telnet and ftp will be around long after all of us. Teach your grand-kids all the escape sequences, variables and terminal types. This will be required for their Pip-Boy to connect to mainframes and terminals when keys are missing.

by Bender

2/12/2026 at 6:01:37 AM

I [ab]use telnet regularly as a debugging tool than its intended purpose. Pretty handy tool to check TCP connectivity.

by exabrial

2/12/2026 at 6:16:56 PM

Yeah it's an easy way to check if a port is responding, and you can actually drive some protocols using telnet.

Eg: `telnet some.http.addr 80` and then type in `GET /index.html HTTP/1.0` and hit enter twice.

You can use it to test SMTP servers too.

by ktm5j

2/12/2026 at 1:20:51 AM

Well, that certainly explains why no one in the US telnet BBS community seemed to be discussing having connectivity problems.

by evanelias

2/12/2026 at 8:15:47 AM

Some audio/video receivers still use telnet to control them over the network, like those still sold by Denon/Marantz [0].

[0]: https://assets.denon.com/documentmaster/us/heos_cli_protocol...

by jiehong

2/13/2026 at 2:09:58 AM

Lutron used it for their integrations platform up til very recently. It was extremely convenient, being able to write little scripts that do things like turn off all the lights

by paradox460

2/12/2026 at 8:56:39 AM

Some of KUKA's controllers still use telnet in their startup sequence.

by w4der

2/12/2026 at 11:52:38 AM

A large industrial robot running an insecure protocol - what could possibly go wrong?

by lambdaone

2/12/2026 at 1:26:19 PM

Thankfully all factory networks are airgapped from the internet, so it's a non-issue!

Right?

by myself248

2/12/2026 at 10:31:22 AM

Telnet scanning is definitely down overall from what I can tell, but only by half of what it was in past months. It spiked a bunch around the time of the telnetd cve, but that's to be expected.

by nubinetwork

2/12/2026 at 4:05:53 AM

> However, in the context of data from Terrace and others we believe a more likely factor is the vantage point itself. Internet scanning often consists of large campaigns coordinated by specific actors,

How does one do a measurement of traffic like this? You would have to own the nodes in the packet route to be able to see traffic, but TerraceNetworks or GreyNoise don't seem to be companies that do that. How do they get the data to analyze?

by cobertos

2/12/2026 at 4:20:32 AM

Greynoise and others have shell companies and spin up exposed infra specifically to pick up scanning activity.

They have them all over the world to get attackers scanning only certain regions etc.

I should also note - I’m extremely skeptical of the OPs claims or inference that the attackers have potentially fingerprinted greynoises sensors. To suggest this while some traffic increased from specific ASN’s seems unlikely that this was the case.

If it’s not clear - this was written by a competitor of theirs.

by signalblur

2/12/2026 at 5:06:40 AM

If you want a disinterested perspective from the Research & Education community, look to CAIDA, the Center for Applied Internet Data Analysis: https://www.caida.org/

Also I just found "Hawkeye" the author of TinyFugue, Ken Keys, employed here! Cool beans!

by RupertSalt

2/12/2026 at 5:11:00 AM

CAIDA is doubtless a gold standard. One thing to note, however, is that the same vantage point avoidance issue applies even more to publicly-documented vantage points. In fact, it was concerns specifically about adversarial avoidance of academic telescopes that led to our research at UW-Madison and eventually to Terrace.

When looking at telescope data like CAIDA’s UCSD-NT, it’s also important to remember that source IPs can be spoofed absent a valid handshake, something that both our and GreyNoise’s analysis accounts for.

by ericpauley

2/12/2026 at 4:29:28 AM

We cannot know for certain what the root cause is. However, honeypot fingerprinting is a well-known risk for any vantage point, particularly a high-profile one.

by ericpauley

2/12/2026 at 4:19:42 AM

This is a very challenging problem, especially if you don’t want to be over-concentrated on specific threat actors (as we suspect has happened here).

by ericpauley

2/12/2026 at 3:01:01 PM

Half the time when people say they're using telnet (including in this thread) they're really just using the client as a TCP client, not doing anything with the Telnet protocol.

No one is stopping you from using the telnet client. And really you should just use netcat

by IAmLiterallyAB

2/12/2026 at 4:43:50 PM

There's one thing I haven't figured out with netcat- how do you know it connected? (I just looked it up, after many years: the -v flag. Which makes sense because netcat is supposed to be "transparent").

by dekhn

2/12/2026 at 6:04:40 AM

I use it strictly on older systems that only use telnet and for casual port checking on some equipment. Last time I had to check if AIS equipment is working properly. Some people think "servers" are the only thing in this world. Telnet is one of those things that probably keeps this world function properly.

by batrat

2/12/2026 at 6:19:12 AM

For port checking I use `curl -v telnet://host:port`

by akdev1l

2/12/2026 at 7:53:04 AM

nc -v host port

by INTPenis

2/12/2026 at 1:05:12 AM

Glad this one didn’t open with a song parody.

by m-hodges

2/12/2026 at 5:50:31 AM

Instead, they chose a classic, yet timeless pop-culture reference: Mark Twain in 1897.

http://isabevigodadead.com/ [That's right, kids. There is no HTTPS server.]

by RupertSalt

2/12/2026 at 1:52:08 AM

Do you have to restart your computer to exit telnet?:)

by nnurmanov

2/12/2026 at 11:58:46 AM

Unfortunately towel.blinkenlights.nl is permanently dead

by laurensr

2/12/2026 at 12:37:13 PM

It's not though.

I thought it was, and posted this same comment on the other telnet article. But I was informed that it is back! And I was able to confirm it myself.

I don't have a telnet client on my Mac, but I was able to confirm with nc.

    nc towel.blinkenlights.nl 23

by cbarrick

2/12/2026 at 1:32:00 PM

No it's not, it only works on ipv6 now.

by nancyminusone

2/12/2026 at 10:14:26 PM

Thanks for pointing that out! My ISP, (Orange Belgium), does not support IPv6 yet!

by laurensr

2/12/2026 at 12:19:31 PM

I upvoted your comment for the news but wish I could downvote the news.

by alexpotato

2/12/2026 at 1:19:06 AM

The main question is why use Telnet when ssh is available. Some people mentioned routers, maybe that is why. But I would think in this day and age routers would now use ssh.

I do remember reading a long time ago telnet does/can support encryption. But when I looked at the systems I have access to, the manuals have no mention of that.

by jmclnx

2/12/2026 at 5:32:32 AM

The biggest remaining production use of telnet is IBM mainframe and midrange systems. tn3270 which is a telnet extension implementing support for 3270 block mode terminal data streams is still in widespread use, and there is also tn5250 which does the same for 5250 terminals (used on IBM i / AS/400)

This use case is perfectly secure, because IBM mainframe/midrange telnet servers support telnet-over-TLS, and that’s what people run in production

For connecting to mainframes, SSH has no real advantage over TLS, and its major disadvantage is that there is no standardised way to transmit 3270/5250 data streams over it

But people looking for telnet traffic over the public Internet probably won’t even notice this, because they aren’t looking for telnet over TLS - which is difficult to distinguish from whatever else over TLS - and because almost all of it goes over VPNs not the public Internet

by skissane

2/12/2026 at 5:46:31 AM

This is, as far as I know, a completely accurate and factual take. It is also nearly irrelevant.

The two entities which have reported on this event are looking for tcp traffic on port 23, not TELNET protocol traffic. So indeed, as you say, if they are tunneled in VPN, or encapsulated or using an alternate port, tn3270 traffic will not be detect on port 23/tcp. Telnet over TLS is assigned to port 992, so any RFC-compliant implementation would be found there, and irrelevant, again, to the telnetd CVE reported this year.

There are two facets to January's incident: the vulnerability in the GNU implementation of telnetd, and the purported, widespread blocking of port 23. The original report went out because of the coincidence they perceived there, and especially because the latter preceded the disclosure of the vulnerability!

Mainframe tn3270 servers would not be subject to this vulnerability. If there had been a port filter in place, it only would've tripped-up the mainframes that still used port 23, which is evidently optional, and it says here that many admins want to keep AIX's telnetd bound to port 23 anyway.

So it is good to know that TELNET protocol, and its extensions, are alive and well. We may not actually know how many clients and servers implement the protocol itself, since MUDs made this a routine thing, but certainly the deployment of IBM systems is formidable, considering the sheer mass of the iron in their rack mounts.

by RupertSalt

2/12/2026 at 5:50:43 AM

You can wrap any TCP protocol in TLS which means every TCP protocol supports encryption, Telnet included. The app (and server) simply need to wrap their connections in TLS, which is trivial in many programming ecosystems.

And IMO, X.509 (used in TLS) is virtually superior over SSH’s bespoke certificate format in every way. You get both regular certificate pinning (like what SSH uses now) AND full certificate authority chains (if you want).

The main downside is that X.509 is more complex.

by harrall

2/12/2026 at 5:57:56 AM

> You get both regular certificate pinning (like what SSH uses now) AND full certificate authority chains (if you want).

It doesn't do full chains, but SSH does have certificate authorities. I agree that the lack of intermediate CAs is a limitation (a CA can only sign a leaf node public key directly), but it's still super useful.

by yjftsjthsd-h

2/12/2026 at 4:32:22 PM

It is surprisingly common to find routers with " export firmware " installed out of the box, that do not have ssh support to avoid the interactions with US Cryptographic export licencing complications

by benjojo12

2/12/2026 at 4:52:51 AM

I had a similar question. I use ssh usually these days. Telnet has one thing going for itself though: simplicity.

by shevy-java

2/12/2026 at 1:25:48 AM

Probably because ssh ciphers change, telnet doesn’t, and you’re not really supposed to be internet exposing those interfaces anyway.

by drum55

2/12/2026 at 1:49:52 AM

SSH without proper key management offers marginal benefits compared to telnet.

by Nextgrid

2/12/2026 at 2:02:09 AM

However bad your key management is, unless you're on an older ssh that will let you choose to use the "None" cipher, you're still better off than telnet!

by Quarrel

2/12/2026 at 4:47:26 AM

Right? It doesn’t even make sense - on any actively updated ssh agent you’d have to go out of your way.

Also - SSH offers more than just encryption, but also data integrity - you can modify / manipulate a telnet session in ways you just can’t via SSH

by signalblur

2/12/2026 at 11:34:25 AM

[dead]

by trumpdong

2/12/2026 at 1:59:09 AM

[dead]

by gzread

2/12/2026 at 2:13:47 AM

Why use ssh when wireguard is available?

by themafia

2/12/2026 at 6:01:49 AM

Because I want to login to my user account without sending a password over the wire. If telnet can use keypairs to authenticate users then I guess I don't mind that as a solution, but I haven't heard of it? Also I do care about per-user auth because some of us still work in environments where servers have multiple users.

by yjftsjthsd-h

2/12/2026 at 6:26:17 PM

> over the wire

You know what wireguard is?

> If telnet can use keypairs

Kerberos exists, so, yes, it can.

by themafia

2/12/2026 at 6:42:20 PM

>> over the wire

> You know what wireguard is?

I suppose if you prefer, I can write "over the network". The point is that the password leaves my machine. As a practical example: With password auth, if an attacker gets root on a server then they can read your password and log in to other machines. With SSH keypairs, this isn't possible (unless you go out of your way to forward an SSH agent, and even then there are mitigations).

>> If telnet can use keypairs

> Kerberos exists, so, yes, it can.

This sounds promising, and in fact at least one page I found about it claims that kerberos+telnet encrypts the session, at which point I don't immediately see what we need wireguard or ssh for. On the other hand, it looks like eg. GNU inetutils telnet doesn't support it? In fact, https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-us... says

> The Kerberos V5 telnet command works exactly like the standard UNIX telnet program, with the following Kerberos options added:

which makes it sound like they've just made a special telnet variant with these features, at which point it rather feels like we've just re-invented ssh under a different name.

by yjftsjthsd-h

2/12/2026 at 9:19:38 PM

> With SSH keypairs

Which is just an abstraction of a password. Instead of storing it in your mind and sending it over the network you store it on your harddrive and use to calculate things on the network. Haven't you just moved the security boundary slightly? You're now also mixing up authentication and encryption into one package which isn't strictly an upside. Granted you can secure your key with a password or a yubikey but now you're messing with agents or you're typing that password an incredible amount.

I see your point. The dead simplicity of telnet session over encrypted tunnel still appeals to me in the face of the structures above. It also means you can elide the whole "how do I do this complicated port forwarding with ssh" question entirely.

> we've just re-invented ssh under a different name.

ssh is the best implementation of self signed security you can get. With kerberos we actually get a central authority and it separates authentication and encryption rather nicely without requiring user agents running as daemons.

by themafia

2/13/2026 at 1:49:13 AM

> Which is just an abstraction of a password.

I don't think that's functionally true. The important thing is that with telnet or password-auth ssh, you send the actual text of your password to the server. With ssh keys, the server and client do some magic crypto math to let you prove you control the private key without ever sending it. Therefore, a compromised server can steal a password, but not a ssh key.

(Yes, in theory perhaps you could do some fancier way of proving that you know a password without sending it, but 1. I'm no cryptographer, but the fact that openssh hasn't done this feels suggestive, and 2. that is once again a pretty big change for the nominal goal of keeping telnet)

> ssh is the best implementation of self signed security you can get. With kerberos we actually get a central authority and it separates authentication and encryption rather nicely without requiring user agents running as daemons.

Sure. Like, I've never thoroughly evaluated kerberos in depth (again, I'm no cryptographer), but I hear generally good things. My point is that by the time you have kerberos, you aren't really using what I would call telnet anymore, you're using something that acts like telnet but backs into a completely different authentication and communication system, and at that point you might as well use a completely different authentication and communication system without pretending to be telnet. This goes double because (open)ssh does support kerberos.

by yjftsjthsd-h

2/12/2026 at 2:20:46 AM

So I don't need root permission or kernel networking stuff setup.

(I do run Wireguard, it just feels like sometimes a VPN is a sledgehammer to solve a port forwarding problem)

by 01HNNWZ0MV43FF

2/12/2026 at 2:51:14 PM

Frankly I'm a little sceptical about the claim that large ISPs are blocking telnet on their core routers. Core routers need to forward traffic, not inspect it. I don't see why a large ISP should burden its core infrastructure with something so trivial as telnet-specific traffic.

by the_biot

2/12/2026 at 4:03:30 PM

telnet is very popular tool to check the port firewall

by yamapikarya

2/12/2026 at 2:04:43 AM

I think scoffing at plaintext protocols is silly. Contemporary security architecture is a nightmare. It’s like scoffing at keyboards for sending key codes in the open to the HID controller because you’ve failed to secure your machine so badly you have adversaries in your HID controller.

If you have a well secured LAN where trust is social SSH gets you nothing. SMTP telnet http being plain were from days when users were able to actually reason about what was happening within their OS. If there’s anything that should be scoffed at its us now with our bloated opaque corporate controlled OSes.

by user3939382

2/12/2026 at 2:07:00 AM

Tangentially, I saw an ad the other day for software which purports to encrypt your keystrokes: https://www.keystrokelock.com/ I have no idea what that means.

by eurleif

2/12/2026 at 2:25:06 AM

Me neither.

I looked into their Support documentation and it explains how to run the app, not how it works.

I read a 2-slide "Whitepaper" and it describes the many advantages and sort of tells you how it starts in "Ring 0" and the TPM and uses public-key cryptography, but not how it works.

They have trademarked KTLS™, but Kernel TLS is also an extension of actual TLS into the Linux kernel, so good luck differentiating that. Isn't it fun how you can trademark your trade secrets, but if you attempt to patent them, that means public disclosure.

If I had to hypothesize about it, I'd say that there is a Ring 0 hardware driver that takes the USB data, encrypts it, and the encrypted data is tunneled to each application, where it is somehow decrypted transparently without modifying any of the user's applications.

I would research this more in-depth but gnomes have already stolen my underpants. UUU~~U~~~U+++ATH0+++ NO CARRIER

by RupertSalt

2/12/2026 at 2:19:35 AM

"Award-winning journalist on Fox News" and the padlock with an American flag really sells it for me.

Maybe I should get in on this grift. Curl American Patriot Gold Marine Corps Never Forget 9/11 Edition for only $200. Loads _any_ URL.

by 01HNNWZ0MV43FF

2/12/2026 at 2:46:32 PM

if that failed to make money people wouldn't do it

"no one ever went broke underestimating the taste or intelligence of the US public" - HL Mencken

by red-iron-pine

2/12/2026 at 11:14:27 AM

> "Award-winning journalist on Fox News" and the padlock with an American flag really sells it for me.

About 20 years ago I worked on backend stuff for the sales site for a well-known UK retailer that advertised their spiffy new web store on TV.

Part of the TV ad had a couple of smiley young people with Techie Girl typing on a computer, and a big animated padlock swooping in and clicking shut and Mumsy Middle-Aged Manager smiling happily, and cut to Hacker Guy typing furiously in a darkened room as a big padlock pops up on the screen and "SECURITY LOCKED" popping up, as he scowls at the screen. The VO was something like "and it's safe to buy online - our site has Security Built In" <fx: heavy padlock clunks shut>

This sequence - the animation and filming this part right their in our own web dev office - cost over five grand of mid-2000s money to make, most of which being the padlock animations. The clunk was my bike lock.

£5000. Five Thousand Pounds.

I can tell you they spent well under 1/20th of that in developer time to actually write the security code for the site. It didn't even use HTTPS, which was kind of a requirement even in 2006.

by ErroneousBosh

2/12/2026 at 11:09:13 AM

> If you have a well secured LAN where trust is social SSH gets you nothing. SMTP telnet http being plain were from days when users were able to actually reason about what was happening within their OS

I've had this conversation recently with a "Cyber Architect" who was losing his shit over SNMPv1 on our network passing community strings as plaintext.

Yes. If you sniff the traffic you can see the read-only password, which is left as default, and from that you can deduce that the ODU temperature for the microwave link is 32°C at the moment (pretty toasty for 3° outside air temperature). Big Fucking Whoop.

Concentrate on not having "bad actors" sniffing traffic on our network.

If the burglar is in your kitchen eating your sandwich out of the fridge, the problem is that the burglar is in your kitchen, not that he's eating your sandwich.

by ErroneousBosh

2/13/2026 at 2:15:04 AM

Same feeling I get when I see people freaking out about security flaws in smart locks

A burglar isn't going to hack your lock. He's going to smash your door or window and steal whatever he can get his hands on

by paradox460

2/13/2026 at 8:32:32 AM

I believe there's an XKCD about that.

by ErroneousBosh

2/12/2026 at 8:58:20 AM

> If you have a well secured LAN where trust is social SSH gets you nothing.

Unless you're doing automatic and mandatory SSH key rotation (which almost nobody ever does) then SSH is just "password on a sticker next to the monitor" with a long password.

by otabdeveloper4

2/13/2026 at 2:46:43 AM

[dead]

by simpleusername

2/12/2026 at 12:07:28 PM

[dead]

by reeddev42