MikroTik RB450G IP Address

Hi, not sure if this is the right place to post.
I have an ADSL router in bridge mode that goes to my MikroTik RB450G and I have a WISP that I'm just starting with 10 CPEs.
My network range for the CPEs is from 192.168.1.1/192.168.1.254. Last week I saw in my router firewall I had an IP address of 192.168.2.192.
So I changed all my passwords and the password encryption from WPA2 to WPA2 ares and I noticed the IP address disappeared.
But 2 days later I have an IP address on my router firewall of 192.168.2.3. Does that mean I have a hacker on my system or something else?

2 days seems quick to crack a WPA2 ares password that's 18 characters long, uppercase, lowercase and numbers, and it's not a word that means anything.

Or is it because I have my ADSL router in bridge mode and the MikroTik as a PPPoE client?

Can anyone shed any ideas?

Thanks for your time.

Seems like some NAT problems in CPEs.

I’m using 10.0.0.0/8 network and here is my firewall:

[admin@xxx] /ip firewall filter> print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Drop RFC1918
     chain=forward action=drop src-address=192.168.0.0/16 

 1   chain=forward action=drop src-address=172.16.0.0/12

and

[admin@xxx] /ip firewall filter> print stats 
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN                ACTION                            BYTES         PACKETS
 0   ;;; DROP RFC1918
     forward              drop                            477 134          11 190
 1   forward              drop                                  0               0

The client with “bugged” NAT is using eMule or Ares, or both… almost all the time.
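
An added example, not part of either post and not RouterOS code: one way to triage sources like 192.168.2.192 and 192.168.2.3 is to sort the source addresses seen on the router into the expected CPE range, private (RFC 1918) addresses outside it, and public addresses, keeping the interface each one arrived on. It assumes the CPE range is 192.168.1.0/24; the interface names and the observation list are constructed for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges (the reply above drops two of them in the forward chain).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(src, expected_net):
    """Return 'expected', 'unexpected-private' or 'public' for a source address."""
    addr = ipaddress.ip_address(src)
    if addr in ipaddress.ip_network(expected_net):
        return "expected"
    if any(addr in net for net in RFC1918):
        # Private, but not from the range the operator assigned. A CPE that
        # forwards a LAN host's packet without translating it (the NAT problem
        # suggested in the reply) would produce a source like this.
        return "unexpected-private"
    return "public"


def unexpected_sources(observations, expected_net):
    """Count unexpected private sources, keyed by (in-interface, source)."""
    hits = Counter()
    for iface, src in observations:
        if classify(src, expected_net) == "unexpected-private":
            hits[(iface, src)] += 1
    return hits


# Constructed sample of (in-interface, src-address) pairs; interface names are
# hypothetical and the addresses mirror the ones mentioned in the question.
SAMPLE = [
    ("wlan1", "192.168.1.10"),
    ("wlan1", "192.168.2.192"),
    ("wlan1", "192.168.2.3"),
    ("wlan1", "192.168.2.3"),
    ("pppoe-out1", "203.0.113.7"),
    ("wlan1", "192.168.1.254"),
]

if __name__ == "__main__":
    found = unexpected_sources(SAMPLE, "192.168.1.0/24")
    for (iface, src), count in sorted(found.items()):
        print(f"{src} seen {count}x on {iface}: private source outside the CPE range")
```

The interface column is what narrows it down: an unexpected private source arriving on the wireless side came through the access network, and the MAC address recorded for it on the router points to the CPE it passed through.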