Good point - then what is the cost of attempting to mitigate or handle attacks vs. doing nothing?
I've found that they're usually higher than doing
nothing at all.
In the case of the fun in august, people who blocked the
microsoft ports that worms were spreading across (i mean newly
blocked them that is) saw increased support costs associated with
what was broken vs just leaving the network in the state it was.
While the increased traffic and infection was a problem,
the network devices mostly yawned at the activity and the irate
customers who were (ab)using the network to use these MS RPC
features were quite vocal about the filtering.
This also helped raise customer awareness that we can not
filter for them. They must manage their devices in order to
keep their network secure or get cut off from our network.
- Jared
(how i wish microsoft would release a stinking patch CD)
Be careful what you ask for. They may actually release a CD of stinking
patches. 
They just did (perhaps not on a CD) - viz. MS03-048. See
news://news.microsoft.com/eJnPecXqDHA.3504%40TK2MSFTNGP11.phx.gbl
Tony Rall