Here is what I do:
http://forum.mikrotik.com/t/configuration-to-block-users-that-tries-to-access-router-on-non-open-port-s/151840/1
In short. Anyone who tries any port on my routers that are not open, will be blocked for 24 hours to all ports, even 443 etc.
This gives me an access list with around 5K to 10K IP adresses blocked at all time.