I think that the goal of the OP was to deny access from a certain IP due to a suspected brute-force password cracker. In which case there is a strong connection between username and IP -- the username is being cracked from a specific IP.

In which case, it is wise to block that IP's access for a length of time. Seems to me that blocking specific known malicious IPs is standard, effective firewalling practice.

And last, a DoS attack is always easy, and always possible. It's like vandilism in a way. . . but the methods you have described would be foiled by the OP's solution.

If you repeatedly try to log in, you will be denied access. Wasn't that the objective?

--twerq