The problem with this sort of system is that it’s wrong. When a user fails to enter the correct password nost system will ban that IP address for a little while. Once that account and system or systems has been freed then it can try again. It’s just too easy to keep track and then ultimately ban the user permanently or at least a longer interval. So things like dictionary attacks do not work anymore. If the attacker is already inside the system and has access to the passwd file and/or the internal authentication does not have fail counters then that is a different problem.