when visitor fails a logon on a server the router than bans the ip from going thru the firewall. This would require and app on Linux/windows to read event logs. Than look for particular events were a user failed a web/ SQL/RDP/VNC/FTP/SSH/ or any other service that generates a failed logon attempt and includes the external source ip in the event. The app would send the ip and basic details to the router after so many fails the router would block all traffic from that ip and possibly subnet. IPBan by digital ruby does this for windows firewalls but only locally.