@aldo142
You can setup IP firewall with SYN/DoS/DDoS protection by following this guide: https://help.mikrotik.com/docs/pages/viewpage.action?pageId=28606504.
This works against non spoofed/randomized source IP addresses, I have similar setup, BUT when attacker uses random source IP addresses in packet it will fill your blocked IP’s address list and it will eventually result out of memory on ROS (this means DoS is still present for ROS). For this purpose it will be better to have MAC address lists in ROS (which ROS don’t have), blocking by MAC address will be more effective for these kind of attacks.
You can test attack with hping3, eg:
Non randomized source IP flood:
~ root# hping3 -c 15000 -d 120 -S -w 64 -p <TCP_PORT> --flood <ROUTER_IP>
Randomized source IP flood:
~ root# hping3 -c 15000 -d 120 -S -w 64 -p <TCP_PORT> --flood --rand-source <ROUTER_IP>