Linuxdev is right. Logs aside, if you expose a service to the internet, attempts will be made to access it. If there are no limits to those attempts, the likelihood of your system being compromised is high. Even if that’s just your Nano, that gives an attacker a point of ingress inside your network, which is bad.
If you do allow access to your Nano from the outside, I would recommend not using any sort of password authentication. If whatever service (eg, ssh) supports public key authentication, you will want to mandate that instead. (PubkeyAuthentication yes, PasswordAuthentication no) That way a password cannot be guessed. Instead, add a password to your key when you generate it. By default, SSH on the Nano (and Ubuntu) is set up to use password authentication and there are no limits on the number of repeated failed login attempts.
It doesnt’ look like vnc specifically supports key pair authentication, but you can use ssh as a tunnel. Please see these articles on how to set it up:
Even with password authentication disabled, you can use gufw to set up rate limitations on the number of connection attempts for a given port (ufw limit …). Additionally, there are daemons that watch your logs (eg. psad, fai2ban) that will watch your logs and ban troublesome hosts automatically, however, ideally you want to stop this at your gateway, since parsing the log spam does burn a fair amount of cpu and typically gateways are optimized for this purpose.
If your gateway allows it, you might want to turn on some intrusion detection measures and/or ban incoming traffic from some entire countries.