Bruteforce on my mikrotik

Hi Guys, I have a serious problem with my vpn server
someone has started bruteforce on admin user ( btw I have no admin user but I wanna stop this for confidence )
the log shows me mac address instead of IP address, and the more serious problem is that mac addresses are changing on each attempt, like the picture below.
as you can see the first 3 blocks of mac address is static in each attempt and I wanna block the range , like the IP address range /16 or /24 or something like these.
Please help.

Would need to know first how is this setup.

Depending on your topology, you may block it at Bridge Firewall level, by setting src mac and src mac mask

To match only data from dell devices (for example):

Src MAC Address: 00:1A:A0:00:00:00
Src Mac Mask: FF:FF:FF:00:00:00

This rule will match 00:1A:A0:xx:xx:xx

However I would research first how this person is spoofing macs…