June, 2018 | MTIN Consulting

You really should not have your winbox port open to anything but a management network, but if you need a script to help with brute force on the Mikrotik.
add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 \ protocol=tcp src-address-list=winbox_blacklist add action=add-src-to-address-list address-list=winbox_blacklist \ address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \ protocol=tcp src-address-list=winbox_stage3add action=add-src-to-address-list address-list=winbox_stage3 \ address-list-timeout=1m chain=input connection-state=new dst-port=8291 \ protocol=tcp src-address-list=winbox_stage2 add action=add-src-to-address-list address-list=winbox_stage2 \ address-list-timeout=1m chain=input connection-state=new dst-port=8291 \ protocol=tcp src-address-list=winbox_stage1 add action=add-src-to-address-list address-list=winbox_stage1 \ address-list-timeout=1m chain=input connection-state=new dst-port=8291 \ protocol=tcp add action=drop chain=forward comment="drop WINBOX brute downstream" dst-port=8291 \ protocol=tcp src-address-list=winbox_blacklist

Of course changing your Winbox port number and disallowing access from anything but trusted Ip addresses is one of the best ways.