I continue to be satisfied with blocking telnet on managed networks around the turn of the century:

“Thankfully, twenty years later, somebody thought to check the server end for the same vulnerability.”

https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/