You need a linux machine to compile and run it.
It collects syslog messages from your's routeros device (there are instructions on how to use it) and adds the attackers on an address list which you can use to block them.
mean common sense and "understanding IP networking" (c).
but plenty of "copy-paste examples" floating around Web.
for example this one http://klseet.com/index.php/mikrotik/mi ... llsecurity
kinda missed something like that in default in userfriendly state, with text/UI wizards, like psad/snort/suricate/ebtables had on most desktop Linux distros.