That when you connect you router to internet and after a few hours, when done with configuration, in log there are mostly only entries from firewall rule, which drop traffic from internet to port 8291…
Sorry if that was already discussed, but I’m from the times, when Mikrotik was selling only those ugly black boxes - which you had to assemble by yourself… 
I’m shocked that a trainer uses the default winbox port 
The trainer doesn’t, the trainer just says the bots do.
Yeah was working on some Palo Alto boxes today and it did not take long for a user “MikroTik” to give it a try 
Why would you have a rule that drops traffic entering on port 8291.
If one has a drop all else rule at the end of the input chain and forwar chain…no worries.
If one was proactive and wanted to be more aggressive one would log all entry attempts on port 8291 on input chain and block those IPs for all ports on raw chain.
That’s what I do…