After noticing several attempts to login as 'admin' & 'sa' on my Windows 2003 Server with SQL Server, I was able to terminate access to the server from the offending IP addresses by using Routing & Remote Access (RRAS) snap-in in Windows 2003.
Here's a brief run-down of what I did:
First you must shut down and disable Microsoft Windows Firewall.
1. Go to Start >> Administrative Tools >> Services
2. Scroll to the bottom to Windows Firewall/Internet Connection Sharing (ICS)
3. Right click and go to >> Properties
4. Under the General tab choose Startup Type: Disabled
5. Click Stop
6. Once the service is stopped click OK.
Start - Run- MMC - Add the Routing and Remote Access Snap-in
Enable RRAS on the server on all adapters
Since the attacks I was experiencing were from external addresses, I went to IP Routing, General, Public Network and selected properties.
On the general tab, select inbound filters and add a filter to receive all packets except those that meet the criteria below, then add the offending IP addresses one at a time.
In my case, the source address was the IP of the offending computer, subnet was 255.255.255.255 and the protocol was any. Once I cleaned up the offenders I saw a complete end to sa login failures in the application log.