We've had people try here at MIT, of course - those who know MIT know tha t we don't use firewalls in general (the hackers are on the inside). However, we *have* kerberos'ed our z/VM TCP/IP stacks for the most part. Kids still try to hack in with the common ids and passwords, to no avail. I think. ;)
Peter