It's a matter of writing non-exploitable code so attack software like trinoo and tribe don't end up on your systems due to buffer-overflows in rpc or other services.
I put the emphasis back on the server admins. Security patches were readily available on the Sun site. Ignoring applicable security patches for months is likely to get you hacked and abused on todays net. Combine that with outgoing spoofed IP filters and we are beginning to make effective countermeasures. Yes, I will acknowledge the strong tendency to avoid touching a production server, but scheduled upgrade outages are vastly superior to hitting the front page as a trinoo source. Unfortunately all three above point to a need for improvement in the good netizen department. -bryan (as a server admin, this is where i say mea culpa)