Few months back, Microsoft released a new module that blocked HTTP requests from brute force attack, http://www.iis.net/extensions/DynamicIPRestrictions   This is great for HTTP requests, but didn’t address another pressing need, FTP brute force attacks.  Robert McMurray published a walkthrough for the FTP service that shows how to create an authentication provider, that gives you dynamic IP restrictions for the FTP service.

Here is the how-to:
http://learn.iis.net/page.aspx/673/how-to-use-managed-code-c-to-create-an-ftp-authentication-provider-with-dynamic-ip-restrictions/

Thanks Robert for the great article.

Steve Schofield

Microsoft MVP – IIS