I'm sticking to one-liners for this one ...
> So if reducing the likelihood of an attack is not a security measure, why
> bother having a burglar alarm in the first place?
Because they (often) stop the burglar from taking anything _after_ they've
broken in or allow the police to catch them in the act.
> Most hackers go after the soft targets. If you want to advertise that you
> are soft target, fine. I don't.
I advertise that I am not a soft target; if you are a soft target, you have
bigger problems.
> OK, he can guess, but to attempt to
> break in to an unknown server is more work than going after the soft
> targets.
Read a few howto's on breaking into servers and you might change your
perspective.
> It still goes on, so why don't we
> all just open our relays anyway?
Opening relays allows attacks, similarly to running an ftp server on your
web server directory with full write permissions to anonymous.
> if we knew the number of hackers worldwide and the number of servers to
> attack to calculate a statistical chance of being attacked.
With the speeds of current DSL and Cable connections, attempting attacks of
a few million servers is no longer difficult (or rare).
> What I'm talking about is reducing
> the statistical chance of being attacked.
There is no statistical difference if everyone takes your advice so it is
not a mid-term or long-term solution at all.
> any difference but I don't think it helps to assume that you can keep all
> your systems perfectly up to date re: security updates all the time.
Hire someone who can.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
