No, I'm afraid this won't hinder distributed attacks a lot. Each bot is probing a lot of different servers simultaneously, but for each server it tries e.g. one login per hour. That's the idea behind distributed brute force attacks. The 20s penalization won't change anything much -- although it would perhaps make bots consume more resources (TCP connections stay open longer, probing processes sleep and exist longer).
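Added example, not part of the original reply: a defender-side check over constructed failed-login events, comparing how many attempts a 20 s per-source penalty would actually touch with what a server-wide count of distinct failing sources shows. The event layout, the 120 sources, the 30 s stagger and the one-hour window are assumptions made for illustration.

```python
from collections import deque

PENALTY_S = 20    # per-source delay after a failed login (figure from the post)
WINDOW_S = 3600   # server-wide aggregation window (assumption)

def constructed_events(sources=120, hours=3):
    """Constructed failed logins: every source tries once per hour."""
    events = []
    for h in range(hours):
        for s in range(sources):
            ts = h * 3600 + s * 30            # sources staggered 30 s apart
            events.append((ts, f"198.51.100.{s}"))  # RFC 5737 test range
    return sorted(events)

def attempts_hit_by_penalty(events, penalty=PENALTY_S):
    """Count attempts that arrive while their own source is still penalized."""
    last_failure = {}
    hit = 0
    for ts, src in events:
        if src in last_failure and ts - last_failure[src] < penalty:
            hit += 1
        last_failure[src] = ts
    return hit

def peak_distinct_sources(events, window=WINDOW_S):
    """Largest number of distinct failing sources in any sliding window."""
    recent, counts, peak = deque(), {}, 0
    for ts, src in events:
        recent.append((ts, src))
        counts[src] = counts.get(src, 0) + 1
        # Drop events that have aged out of the window.
        while recent[0][0] <= ts - window:
            _, old_src = recent.popleft()
            counts[old_src] -= 1
            if counts[old_src] == 0:
                del counts[old_src]
        peak = max(peak, len(counts))
    return peak

if __name__ == "__main__":
    ev = constructed_events()
    print("attempts delayed by per-source penalty:", attempts_hit_by_penalty(ev))
    print("peak distinct failing sources per hour:", peak_distinct_sources(ev))
```

On this data the per-source penalty never applies, because each source has long since waited it out, while the server-wide view shows 120 distinct failing sources in one hour.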