Our Webserver which is running SQL Server 2005 was bruteforced a lot lately by several attacks. Those people mostly try to bruteforce your SA Account. An easy way to protect yourself against those attacks is to rename or disable your sa Account! This is how it works:
ALTER LOGIN sa DISABLE; ALTER LOGIN sa WITH NAME = [systemadmin];
Additionally you could change the SQL Server 2005 Port from 1433 to something else.
And another approach would be using Integrated Security and then turn off Mixed Authentication. An ADO.NET Connection String with Integrated Security would for example look like that:
Data Source=Your_Server_Name;Initial Catalog=Your_Database_Name;Integrated
Hope that helps..