I use a product called RDPGuard that stops brute force attacks on a variety of services including MSSQL by blocking IP Addresses after 3 failed logins. You set the # of failed logins to block and you can specify when to unblock.

www.rdpguard.com