12/08/2008

A clean-up operation always has immediate effects

If you prioritize and start by going after the big infectors/attackers and the command and control centers, then you can have an immediate positive effect. For the moment, the DDoS attacks coming out of Belgium and captured by Arbor Networks are gone, and Belgium is now out of the top 5 of main attacking/infected networks on their matrix.


But there is still a big problem with port 445 scanning, as these indexes show:

http://atlas.arbor.net/service/tcp/445

We aren't number one anymore, but some parts of the Skynet network still have too much scanning on these ports, and sometimes it only takes one server or part of your network to make a big difference. Clean them up, boys and girls. It ain't over until we can go back to normal again.

http://atlas.arbor.net/asn/5432
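As an added example (not part of the original post): one way a network operator could find which of its own hosts account for the outbound TCP/445 scanning, and how much of the total a single machine is responsible for. The flow record format, the function names, the 20-target threshold and the documentation-range addresses are all assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

def sample_flows():
    """Constructed flow records (not real data): 'src dst proto dport tcp_flags'."""
    # 192.0.2.0/24 stands in for our own network; one host sweeps 40 addresses.
    rows = [f"192.0.2.33 203.0.113.{i} tcp 445 S" for i in range(1, 41)]
    rows += [
        "192.0.2.10 192.0.2.20 tcp 445 S",    # internal file sharing
        "192.0.2.15 198.51.100.7 tcp 443 S",  # ordinary web traffic
        "192.0.2.44 198.51.100.9 tcp 445 S",  # a single external SMB contact
        "198.51.100.9 192.0.2.44 tcp 445 S",  # inbound, not sourced by us
        "truncated record",                   # malformed line, skipped
    ]
    return rows

def smb_scan_sources(lines, own_net="192.0.2.0/24", min_targets=20):
    """Rank own hosts by distinct external addresses they sent TCP/445 SYNs to.

    Returns [(source, distinct_targets, share_of_all_outbound_445_targets)].
    """
    own = ipaddress.ip_network(own_net)
    targets = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        src, dst, proto, dport, flags = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if (proto, dport, flags) != ("tcp", "445", "S"):
            continue
        # Only traffic leaving our network counts; internal SMB is expected.
        if src_ip in own and dst_ip not in own:
            targets[src].add(dst)
    total = sum(len(d) for d in targets.values())
    report = [(src, len(d), round(len(d) / total, 2))
              for src, d in targets.items() if len(d) >= min_targets]
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for src, count, share in smb_scan_sources(sample_flows()):
        print(f"{src}: {count} external targets on 445 ({share:.0%} of total)")
```

On the constructed sample, one host accounts for 40 of the 41 external targets, which is the "one server makes a big difference" situation.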


I would say that the advantage of having a firewall on each client station is that port 445 would normally be closed to external contacts.

There may sometimes be logical explanations for this, but those you have to get straight with Arbor Networks. Even so, it isn't smart to have your server scanning or sending out packets that aren't needed or normal, because Arbor is only one of the many honeypots and sensors out there. And even a honeypot would not have any interest in being so infected, because it would only be blacklisted. I also see a legal problem here. If you have a honeypot on the Belgian Internet that is being operated for a Belgian client or by a Belgian firm, can I sue them if my site is being infected by them? It is just another server; I can't know that it is a honeypot... Remember, the Belgian cybercriminality law is very, very, very strict.

 

 

10:41