You can start by doing port scan targeting customers IP address to see if there are any non standard services up on CPE (unprotected proxy or similar). After that you can check what is going on by starting torch utilitiy at client's CPE (Tools > Torch), select WAN interface and check all boxes. That will give you good idea what is going on customers Mikrotik since it will list you all the connections in real time.
And what to do to prevent flooding - start by blocking connections that cause such traffic so you have easier time accessing CPE. You mentioned port 1080 - then you should combine customers IP address as source or destination IP and port 1080 as src or dst port (depending on direction of the traffic) to create rule in forward chain and block what you need at your equipement.