The best defense is a strong CHAINSAW SWORD!!!
First off…I wouldn’t recommend having a sql server that is accessible from the outside world.
In my case though I have a development server that I run from a partners network. Somewhere down the line some one or “some many” have run a scan and found this out. So my logs are filling up with password attempts.
Start -> Run -> MMC
Add the RRAS snap.
Go to IP Routing -> General -> Properties of your network adapter
Create new inbound filters with the offending IP Address using 255.255.255.255 as the mask, make sure the default option “Receive all Packets EXCEPT…”
Cheers