If an attacker can (for whatever reason, be it rate limiting or cost) only brute force 100 guesses per time period (say, 30s), they'll expect to be able to 'win' the challenge in about 58 hours.
The probability of guessing the challenge _wrong_ once is (1 - (100 / 1000000)). Every 30 seconds you get another chance. The probability of guessing the challenge wrong N times in a row is (1 - (100/1000000)) ^ N. Around chance number 7000, the probability that you've guessed it wrong all N times goes lower than 50/50. ~7000 * 30s in hours is around 58 hours.
At some point the 2FA protected system should stop accepting guesses entirely for a period - the same way you would lock an account for incorrect password guesses, or at worst rate limit down to a single guess per time period after a certain number of failed guesses.
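The arithmetic above, and the effect of the lockout or throttling it recommends, as an added example that is not part of the original comment. The 1,000,000 code space, 30s window and 100 guesses per window come from the text; the failure threshold of 10 and the 30-window lockout are assumed values chosen for illustration.

```python
import math

CODE_SPACE = 10**6   # 1,000,000 possible codes, from the text
WINDOW_S = 30        # seconds per code window, from the text

def windows_unthrottled(p_target, guesses_per_window, space=CODE_SPACE):
    """Closed form: smallest N with 1 - (1 - g/space)**N >= p_target."""
    p_miss = 1 - guesses_per_window / space
    return math.ceil(math.log(1 - p_target) / math.log(p_miss))

def windows_with_policy(p_target, burst, max_failures, lockout_windows=0,
                        throttled=1, space=CODE_SPACE):
    """Windows until cumulative success >= p_target when the server reacts.

    After max_failures failed guesses the server either locks the account
    for lockout_windows and then resets the counter, or (lockout_windows
    == 0) throttles the attacker to `throttled` guesses per window.
    """
    p_miss_all, failures, windows = 1.0, 0, 0
    while 1 - p_miss_all < p_target:
        if failures >= max_failures:
            if lockout_windows:
                windows += lockout_windows   # no guesses accepted at all
                failures = 0
                continue
            g = throttled
        else:
            g = min(burst, max_failures - failures)
        # g distinct guesses against a fresh code each window
        p_miss_all *= 1 - g / space
        failures += g
        windows += 1
    return windows

def hours(windows, window_s=WINDOW_S):
    return windows * window_s / 3600

if __name__ == "__main__":
    # Threshold 10 and lockout of 30 windows are assumed values.
    cases = {
        "100 guesses/window, no limit": windows_unthrottled(0.5, 100),
        "throttle to 1/window after 10 failures": windows_with_policy(0.5, 100, 10),
        "lock 30 windows after 10 failures": windows_with_policy(0.5, 100, 10, 30),
    }
    for name, n in cases.items():
        print(f"{name}: {n} windows, {hours(n):.0f} hours to 50%")
```

Under these assumptions, throttling moves the 50% point from days to months, and a lockout with counter reset moves it to years.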