You may have seen the recent news that Telnet traffic from major US ISPs dropped precipitously around the time that a CVE against GNU Inetutils was announced. Because this report has led to intense discussion around the role of core network infrastructure providers and implications for the security of network services globally, we at Terrace felt it was important to share our results and correct the record. After analyzing both our internal and open data, we believe there are critical errors that undermine the basic findings of the report.
The original report shows the number of Telnet sessions observed from GreyNoise across many source autonomous systems (ASes) by day. Their data show a dramatic shift in observed network traffic:
a sudden, sustained collapse in global telnet traffic — not a gradual decline, not scanner attrition, not a data pipeline problem, but a step function. One hour, ~74,000 sessions. The next, ~22,000. By the following hour, we were down to ~11,000 and the floor held. (Link)
We cross-checked this data against traffic observed by Terrace, other open observation data, and measurements of underlying routing infrastructure through RIPE Atlas. In sum, our results show that there is no new filtering of Telnet being performed by core ISPs. To be clear, we successfully performed Telnet traceroutes from reportedly-affected ASes to our servers as of today at 18:47 UTC.
Naturally, seeing such a dramatic and coordinated drop in traffic (from tens of thousands of sessions down to zero) would make you suspect that the network is the common factor. As we describe below, the fundamental flaw in that reasoning is that sessions can be highly correlated: thousands of scans from disparate networks can be directly tied to individual noisy actions.
At Terrace we use artificial intelligence to detect trends from our global deployment of network sensors in real-time, so when we saw this our first thought was “how could we have missed this?” We went to the data, and as far as we can tell, the answer is that we didn’t.
We cross-checked ASes reported by GreyNoise against port 23 scanning data from Terrace. Of course, we filtered these to only incoming traffic that successfully completed the three-way TCP handshake to factor out IP spoofing. Here are those results:
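The handshake filter described above, as an added example that is not Terrace's or GreyNoise's code: it walks packet records in time order, tracks each client/server 4-tuple through SYN, SYN-ACK and final ACK, and only counts a Telnet session once the client's ACK arrives, which a spoofed source cannot send because the SYN-ACK never reaches it. The packet records, the prefix-to-AS map and the AS numbers are all constructed for illustration.

```python
"""Count completed Telnet (port 23) sessions per source AS from packet records.

Added example, not Terrace's or GreyNoise's code. The packet records and the
prefix-to-AS map below are constructed; the AS numbers are hypothetical.
"""
import ipaddress
from collections import defaultdict

# Constructed packet records: (timestamp, src_ip, src_port, dst_ip, dst_port, flags).
# flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK.
SAMPLE_PACKETS = [
    # Genuine probe from 198.51.100.7: full three-way handshake.
    (1.0, "198.51.100.7", 40001, "203.0.113.10", 23, "S"),
    (1.1, "203.0.113.10", 23, "198.51.100.7", 40001, "SA"),
    (1.2, "198.51.100.7", 40001, "203.0.113.10", 23, "A"),
    # SYN with a spoofed source of 192.0.2.55: the SYN-ACK goes to the
    # spoofed address, so the final ACK never arrives.
    (2.0, "192.0.2.55", 51000, "203.0.113.10", 23, "S"),
    (2.1, "203.0.113.10", 23, "192.0.2.55", 51000, "SA"),
    # Second genuine session from another host in the same AS.
    (3.0, "198.51.100.9", 40002, "203.0.113.11", 23, "S"),
    (3.1, "203.0.113.11", 23, "198.51.100.9", 40002, "SA"),
    (3.2, "198.51.100.9", 40002, "203.0.113.11", 23, "A"),
    # Stray ACK with no preceding SYN/SYN-ACK: not a session.
    (4.0, "192.0.2.80", 52000, "203.0.113.10", 23, "A"),
    # Non-Telnet traffic is ignored entirely.
    (5.0, "198.51.100.7", 40003, "203.0.113.10", 22, "S"),
]

# Constructed prefix-to-AS map (hypothetical AS numbers from the private range).
PREFIX_TO_ASN = {
    ipaddress.ip_network("198.51.100.0/24"): 64500,
    ipaddress.ip_network("192.0.2.0/24"): 64501,
}


def asn_for(ip):
    """Longest-match lookup of a source IP against the constructed prefix map."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn in PREFIX_TO_ASN.items():
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn)
    return best[1] if best else None


def completed_handshakes(packets, port=23):
    """Return the client 4-tuples (src_ip, src_port, dst_ip, dst_port) of every
    connection to `port` that completed SYN -> SYN-ACK -> ACK."""
    state = {}  # client 4-tuple -> "SYN" | "SYNACK" | "DONE"
    completed = []
    for _ts, sip, sport, dip, dport, flags in sorted(packets):
        if flags == "S" and dport == port:
            state[(sip, sport, dip, dport)] = "SYN"
        elif flags == "SA" and sport == port:
            # Server reply: key the state by the original client tuple.
            key = (dip, dport, sip, sport)
            if state.get(key) == "SYN":
                state[key] = "SYNACK"
        elif flags == "A" and dport == port:
            key = (sip, sport, dip, dport)
            if state.get(key) == "SYNACK":
                state[key] = "DONE"
                completed.append(key)
    return completed


def sessions_per_asn(packets, port=23):
    """Count completed sessions to `port` keyed by the source AS."""
    counts = defaultdict(int)
    for sip, *_ in completed_handshakes(packets, port):
        counts[asn_for(sip)] += 1
    return dict(counts)


if __name__ == "__main__":
    for asn, n in sorted(sessions_per_asn(SAMPLE_PACKETS).items()):
        print(f"AS{asn}: {n} completed Telnet session(s)")
```

Run against the constructed records, the spoofed SYN from 192.0.2.0/24 and the orphan ACK both drop out, leaving two sessions attributed to AS64500 and none to AS64501; bucketing the completed tuples by day instead of summing them gives the per-AS daily series the comparison above relies on.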