Originally Posted by epic1337
but thats different from being specifically targeted, plus a sensible firewall can handle "most" probing attacks.
Very few firewalls have active counter measures. If you have an open port and a vulnerable service listening on it, it can be found and exploited.
Even running an up to date server with no vulnerabilities I was getting bots trying to brute force port 22 SSH and even with no known flaws unless you have a 20+ random character password there's a good chance someone can brute force their way in. Even with a strong password I had to implement active counter measures like fail2ban to ban peoples IP's after 3 unsuccessful attempts, there was just crap loads of bots probing and taking drive by pot shots.
Without active counter measures people can basically take infinite shots at you until a successful exploit is found.