Well that's a tiny bit obnoxious that I'm being affected just because of my ISP. Anyway, I'm using Windows Firewall, because I really don't see a need for anything more than that.
Your ISP can hardly be responsible for every users system being clean and they can't arbitrarily block all port 135 traffic as it also has a legitimate purpose.
You could report the attacks (which as I said are randomly generated and not targeted) to AT&T. You would have to have the exact times of the attacks as ISPs dynamically assign IP addresses (or they may not have enough) to their customers, so that same IP could be assigned to many different users over the course of a day/week/month, etc.
Though I don't know if AT&T would be able to a great deal about it, as I said these attacks aren't targeted so there is the possibility that they go away as quickly as they arrived. If they don't do anything about it then you would obviously has to make a decision on their lack of customer service.
The windows firewall should stealth your system, but when someone is using randomly selected IP addresses within a range of IPs it doesn't matter if your system is stealthed or not as it isn't specifically looking for something on that IP, it is speculative that there will be something there. So currently the windows firewall isn't doing anything to block an inbound connection for your IP, or the network shield is getting in first.
I also don't know if even closing the ports as suggested will work as I don't know which would get in there first, avasts network shield (which is what is blocking it) of the closing of the ports.