Rob can better explain this and any specifics, but here's the basics.
All unknown SIP requests are throttled such that a minimal number of requests per minute will be allowed in. This is the mechanism that allows a new external extension to try to register. If it registers properly, it will be white listed and throttling will be removed as long as it stays registered.
During this throttling period, it will allow a small handful of attempts to come in, and not very quickly. This allows you the ability to try and configure a new phone, make a mistake or two and still be able to register before getting locked out for a period of time.
Upon too many failures, an escalating algorithm is put in place to lock out the IP for a period of time. Those details Rob would have to pipe in, but it should escalate fairly quickly towards getting banned.
If it's not getting banned, you may want to provide a bit more information such as what rate are the requests coming in at and how long that has been allowed to further evaluate the situation.