pptp blocking script

Hello! I need help. There is a MikroTik with an internal network, PPPoE authorization from the inside, etc. Sign-in from outside is permitted via PPTP. Recently, attempts have been made from different addresses to log in from outside over PPTP. Here is an excerpt from the logs:

Jul 17 17:25:12 AAA.BBB.CCC.DDD pptp,info TCP connection established from XXX.XXX.XXX.XXX
Jul 17 17:25:12 AAA.BBB.CCC.DDD pptp,ppp,info : waiting for call…
Jul 17 17:25:12 AAA.BBB.CCC.DDD pptp,ppp,info : terminating… - cntrl message too big
Jul 17 17:25:12 AAA.BBB.CCC.DDD pptp,ppp,info : disconnected

There are very many such login attempts from different addresses: every second, from several different addresses.

I need a script that, after 3 unsuccessful attempts to log on via PPTP from outside, blocks the IP address, prohibiting that address any access to the MikroTik.

You can add the IP address to a dynamic list for a short time; if someone connects to the router again, move it to a second list, and then to a third list where the IP becomes blocked.

A similar technique is used to protect the SSH server on the router; you can look that up on the forum.
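
The staged address-list approach described in the reply above, written out as RouterOS firewall rules. This is an added example, not part of the original posts; the list names (pptp_stage1, pptp_stage2, pptp_blocked) and the timeouts are assumptions to adjust. The rules count new TCP connections to the PPTP control port (1723), not failed authentications, so a legitimate client that reconnects three times within the window is blocked as well.

```routeros
# Added example: list names and timeouts are assumptions, not values from the thread.
/ip firewall filter

# Third list: a blocked source loses all access to the router itself,
# not only to PPTP.
add chain=input src-address-list=pptp_blocked action=drop \
    comment="drop everything from blocked PPTP sources"

# A source already in the second list that opens another connection
# is moved to the blocked list for one day.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage2 action=add-src-to-address-list \
    address-list=pptp_blocked address-list-timeout=1d \
    comment="PPTP: third connection, block"

# A source already in the first list that connects again within a minute
# is moved to the second list.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage1 action=add-src-to-address-list \
    address-list=pptp_stage2 address-list-timeout=1m \
    comment="PPTP: second connection"

# Every new connection to the PPTP control port puts the source
# into the first list for a short time.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    action=add-src-to-address-list \
    address-list=pptp_stage1 address-list-timeout=1m \
    comment="PPTP: first connection"
```

The order matters: the rule for the later stage comes before the rule for the earlier one, so a single connection advances the source by only one list. All four rules have to sit above any rule in the input chain that accepts the PPTP traffic.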