If you have a trace running, you can capture the hostname the source passed, but this isn't guaranteed to be accurate. You could also use network traces or an IDS product like Snort or Cisco's version to key on packets that tell of a failure... SQL Server will send back a login failure response and the destination host is what you'll be looking to capture. Information on what to look for can be found here:
http://www.freetds.org/tds.html
K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/
K. Brian Kelley
@kbriankelley