Security News

Cybersecurity news aggregator

LOW News Dark Reading

Asia Fumbles With Throttling Back Telnet Traffic in Region

  • What: Many devices and consumer-grade routers in the Asia-Pacific region continue to use the insecure Telnet protocol.
  • Impact: This exposes them to risks due to a recent critical vulnerability and the general insecurity of the protocol.

Only Taiwan made the top 10 list of governments, effectively blocking the threat-ridden protocol, but overall the region lagged in curbing Telnet traffic.

Robert Lemos, Contributing Writer
February 11, 2026

[Image source: GreyNoise Intelligence]

Many devices and consumer-grade routers in the Asia-Pacific region continue to use the insecure Telnet protocol, despite a recent critical vulnerability and the general insecurity of the protocol overall, underscoring the risks posed to organizations by the outdated technology.

The problems persist despite recent curtailing of Telnet traffic by Internet backbone providers. In three hours on Jan. 14, Telnet traffic across the globe dropped from about 65,000 sessions per hour to 11,000 sessions per hour, an 83% decline in average traffic, according to data provided by GreyNoise, a threat intelligence firm. Yet, firms in the Asia-Pacific region saw some of the smallest decreases, suggesting that Asian network providers failed to — or decided not to — block the risky protocol, says Bob Rudis, vice president of data science at GreyNoise.

While some nations outside the region, such as Ukraine and Canada, blocked all Telnet traffic, governments in the Asia-Pacific inconsistently filtered traffic — Taiwan blocked 77% of Telnet sessions, India stopped 70%, Japan curtailed 65%, and China filtered 59%, according to GreyNoise data shared with Dark Reading.

"Most companies have cleaned up Telnet, but there's a lot of Telnet on small-business and consumer networks — IoT, like cameras," he says. "There's just so much of it out there and no one's changing it, no one's touching it. No one's going to pay to replace it, because it's working fine."

As a result, Asia continues to make up about half of all Internet addresses that expose Telnet, according to data from the Shadowserver Foundation, a nonprofit provider of threat-intelligence data. The company estimates there are 839,000 active Internet addresses globally with an accessible Telnet device. About half — 410,000 — are in the Asia-Pacific region.

Telnet Continues to Be Major Issue for Asia

More than half of Telnet scanning traffic coming from Asia-Pacific addresses originates from Chinese IP address space, with another 14% from India and 12% from South Korea. Most of the traffic (55%) is login attempts, while about 10% is generic password attempts that target Internet-of-Things devices.

The recent authentication bypass flaw in the GNU InetUtils telnetd server — recently added to the Known Exploited Vulnerabilities (KEV) Catalog — has had less impact on organizations' networks and more impact on their mindsets, according to GreyNoise's Rudis. His theory is that some form of the vulnerability was known prior to the Jan. 20 public disclosure, leading to some major ISPs blocking the protocol.

[Chart. Source: Original chart from Shadowserver Foundation, text added by author]

The Shadowserver Foundation's data changed recently, but not because of changes to Telnet traffic. Instead, the organization's attempts to get a better picture of activity led to increases in detection, says Piotr Kijewski, CEO of the Shadowserver Foundation.

Shadowserver broadened its detection to include less common Telnet ports, resulting in a spike in detections around Jan. 20, but then improved its filtering, resulting in a drop, he says. Over time, the amount of Telnet devices has slowly declined — from about 1.3 million six months ago, to about 1.2 million prior to the most recent drop — but it needs to happen faster, he says.

"Telnet is an unnecessary attack surface and has long been replaced by other forms of remote terminal access, especially SSH," Kijewski says, adding simply: "Telnet should be completely gone."

An Unintentional AI Impact

Overall, the reaction of network operators shows that cleaning up networks can have a dramatic impact on the threat landscape in the region. The drop in Telnet traffic throughout Asia — and across the globe — is likely not the result of organizations seeking out devices exposing open Telnet ports to the Internet, but a reaction to the overwhelming traffic caused by AI companies' aggressive scraping of web sites, says GreyNoise's Rudis.

In many cases, AI-scanning activity has caused router floods, forcing network infrastructure and Internet backbone providers to find fast ways to identify and block web-scraping bots and other sources of automated traffic, he says.

"The folks that run ISPs and hosting and routers ... their networks were just getting hammered and congested," so different regions around the world made some adjustments.

"They changed up what the routers will do in response to various network scenarios," Rudis says. "If you do this much traffic in [a certain amount of time], we're just going to terminate your connection and send resets at you ... for at least three or four hours."

Because web-scraping traffic can have an impact similar to botnet attack floods against open Telnet ports, such as those performed by Mirai, the blocking of aggressive AI web-scraping bots has resulted in the inadvertent advantage of slowing down attackers as well, Rudis says. While infrastructure companies have not sought out vulnerable devices and patched them, by blocking traffic spikes, they are mitigating the problem to some extent, he says.

"I knew that there'd be some overreaction somewhere to it, but I didn't think it would be, 'Let's block Telnet inbound everywhere,'" he says. "I'm thankful for that though, because this is going to prevent a lot of things. This is going to clean up some things that weren't clean-up-able before."

About the Author

Robert Lemos, Contributing Writer. Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.