MANY devices and consumer-grade routers in the Asia-Pacific region continue to use the insecure Telnet protocol, despite a recent critical vulnerability and the general insecurity of the protocol overall. The problems persist despite recent curtailing of Telnet traffic by Internet backbone providers; in three hours on Jan. 14, Telnet traffic across the globe dropped from about 65,000 sessions per hour to 11,000 sessions per hour, an 83% decline in average traffic, according to GreyNoise data.
Yet, firms in the Asia-Pacific region saw some of the smallest decreases, suggesting that Asian network providers failed to — or decided not to — block the risky protocol, says GreyNoise’s vice president of data science, Bob Rudis. Asia continues to make up about half of all Internet addresses that expose Telnet, with the Shadowserver Foundation estimating 839,000 active Internet addresses globally and about half — 410,000 — in the Asia-Pacific region.
More than half of Telnet scanning traffic coming from Asian-Pacific addresses originates from Chinese IP address space, with another 14% from India and 12% from South Korea; most of the traffic (55%) are login attempts. according to GreyNoise.