Comment by kortilla

> I don't understand how people are dismissing that so easily

Because that’s not where 99.9999% of attacks come from

Fire up a web server on a public ipv4 address and you’ll get hundreds of requests per day from bots probing endpoints for vulnerabilities. Same thing goes for weak passwords on an SSH endpoint.