I have a small ISP network.
Lately I have had some problems with clients having viruses and worms.
This causes a lot of "problem" traffic on the networks.
What I do is log the traffic with Wireshark, and inform the clients witch seems infected.
But maybe I should do more.
All clients have official IPs.
In the ACLs protecting them there is not much, only port 135-139 and 445 (windows file sharing) are filtered.
What more should be filtered in ACLs for this kind of use do you think?