One of the questions that came up after the Open Hack session in Houston was how do I restrict access to IIS once I detected an attack from a specific IP address?
On a server OSs you can "lock out" requests coming in from specific IP addresses or subnets. As we all found out in Houston, you can not do that on Windows XP.
You can also specify the "locked out” IP addresses by writing them to the IIS metabase using the ADSI or the metabase interface.
MSDN has a few articles that show how it's done: