Hey
Do you have connection tracking enabled?
was the ddos on ipv6? there was an issue with that not so long ago (implementation in ROS), with a patch release. do you have it?
Edit: just noticed you don’t have connection tracking enabled http://forum.mikrotik.com/t/fasttrack-or-raw-is-better-for-blocking-ddos-attacks/132578/1