Mikrotik Router Firewall Brute Force Attack Prevention | DDOS Attack

A brute force attack is crypto analytic attack that can, it used against any encrypt data.  It checks systematically checking all possible password until the correct one is found.
This example provides how to prevent FTP Brute force login in mikrotik router.
This configuration allows only 10 FTP login incorrect per hour.  

Prevent DDOS Attack
/ip firewall address-list add list=Block_spam address=192.168.1.0/24
/ip firewall filter
  Add  chain=input action=drop protocol=tcp src-address-list=Block_spam
     dst-port=21

 add  chain=output action=accept protocol=tcp content=Error FTP Login
     dst-limit=1/1h,9,dst-address/1h

 add   chain=output action=add-dst-to-address-list protocol=tcp
     address-list= Block_spam  address-list-timeout=1h

     content=Error FTP Login