I'm getting 100's of failed login attempts in my logs - I do have the Administrator account disabled, but in a 1 minute period, I had over 500 of these. How do I block/stop them? I do need FTP for clients, so blocking that port might not work.

Any ideas?

Event Type: Warning
Event Source: MSFTPSVC
Event Category: None
Event ID: 100
Date: 11/29/2007
Time: 7:08:19 AM
User: N/A
Computer: E555123-12345
Description:
The server was unable to logon the Windows NT account 'administrator' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 00 00 ....

check the netstat for connections that you do not know to your RDP port, then firewall off the ip.

Event Type: Warning
Event Source: MSFTPSVC
Event Category: None
Event ID: 100
Date: 11/29/2007
Time: 7:08:19 AM
User: N/A
Computer: E555123-12345
Description:
The server was unable to logon the Windows NT account 'administrator' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.

Someone is trying to brute force FTP server, MS FTP server is complete crap, replace it with something better if at all possible.

We use Gene6, which will ban an IP temporarily after x number of consecutive unsuccessful logins.