Blocking NT Authentication Attempts

I'm using server 2008 standard as a web host. I'm occassionally seeing
a number of failed outside attempts to login to the server w/ false
credentials (hammering). Is there any way to prevent this? Is there a
port I can block to keep people from attempted authentication
(windows)? Maybe a good way to say "after 3 bad auth attempts,
temporarily block IP"?

- Thanks in advance!