Here is the scenario:

You run a scan internally to find that the telnet ports to your routers are open.
You talk to the networking gurus about this and they assure you that it is only accessible internally, all router passwords have been changed and are complex, and that they are all controlled by access-lists and only a couple boxes have access to the routers remotely. Are you concerned? Hell, I am!!
I presented them with this scenario... I can launch a DoS attack and sniff the network to see who hits that device when the network team goes to investigate, then use that info to spoof the IP and access it through telnet using the info I pulled from the packet... Am I too paranoid? What are your thoughts?