How to protect yourself from password guessing on Windows 2008?
Good afternoon. There was a problem: 1C users working via RDP could not connect to the server. The server runs Windows 2008 R2. The logs are clean, except for the "Security" section. It is full of unsuccessful login attempts; the interval between entries is 1-2 seconds. The usernames in the logs do not exist on this server. The external port is non-standard (58342). How can I get the IP address of the offending PC?
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-08-27T23:34:46.845715300Z" />
<EventRecordID>4882562</EventRecordID>
<Correlation />
<Execution ProcessID="804" ThreadID="6888" />
<Channel>Security</Channel>
<Computer>IZH-HOST</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">АДМИНИСТРАТОР</Data>
<Data Name="TargetDomainName" />
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc000006a</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName" />
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
</EventData>
</Event>
The offender's IP: no way. A packet arrives to you in which the sender's IP is the last routing device. This is how the network works.
As for protection: policies, firewall. For example, a password policy on the number of incorrect password attempts.
To stop them knocking on your door, there is only one option: close incoming connections, change the port, etc.))
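Added example, not part of the original thread: a Python sketch that tallies event 4625 records by source address, target account and failure reason, and counts the events whose IpAddress field is empty or "-", as in the event posted in the question. The function name and the sample events are constructed for illustration; the input is assumed to be events exported as XML in the same schema, without an XML declaration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# NTSTATUS sub-status codes commonly seen in event 4625
SUBSTATUS = {
    "0xc0000064": "user name does not exist",
    "0xc000006a": "wrong password",
    "0xc0000234": "account locked out",
}

def summarize_failed_logons(xml_text):
    """Tally 4625 events by (source IP, target user, reason); count events with no IP."""
    # An export is often a bare sequence of <Event> elements, so wrap it in a root.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    tally, no_ip = Counter(), 0
    for ev in root.iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", "", NS) != "4625":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        ip = data.get("IpAddress", "")
        if ip in ("", "-"):          # no source address was recorded for this attempt
            ip, no_ip = None, no_ip + 1
        sub = data.get("SubStatus", "").lower()
        tally[(ip, data.get("TargetUserName", ""), SUBSTATUS.get(sub, sub))] += 1
    return tally, no_ip

def _event(user, sub, ip):
    # Constructed sample event, reduced to the fields the parser reads.
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            '<System><EventID>4625</EventID></System><EventData>'
            f'<Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="SubStatus">{sub}</Data>'
            f'<Data Name="IpAddress">{ip}</Data>'
            '</EventData></Event>')

# Constructed sample: one event without an address, three from a documentation-range IP.
SAMPLE = (_event("АДМИНИСТРАТОР", "0xc000006a", "-")
          + _event("admin", "0xC0000064", "203.0.113.7") * 2
          + _event("test", "0xc0000064", "203.0.113.7"))

if __name__ == "__main__":
    tally, no_ip = summarize_failed_logons(SAMPLE)
    for (ip, user, reason), n in tally.most_common():
        print(f"{n:4d}  {ip or '(no IP logged)'}  {user}  {reason}")
    print("events without a source IP:", no_ip)
```

Events that land in the "no IP logged" bucket cannot feed a firewall block list from this log alone; the account lockout policy mentioned in the answer still applies to them.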