I wonder how many sysadmins spend some time looking at the logs on their internet-connected machines. I have several such machines and I can guarantee someone is knocking at the door whenever I choose to look at the log.
The other night, a nice Chinese machine was running through a script of silly login names, getting rejected. The day before, a Japanese machine was doing the same thing. They're all wasting their time, because the machines are well locked down, and run only what they need to.
Do you know what ports are open on your net facing kit?