Today I was chatting in the #snort-gui channel on irc.freenode.net, and someone (who shall remain anonymous) mentioned that his ISP provides Ethernet connectivity. This surprised me because my previous employer had DS3 circuits as one might see in the image below. Tapping a DS3 connection requires specialized gear (as shown in the DS3 tap), but access to Ethernet is more readily available.
How many of you have Ethernet connectivity to your ISP?
The reason I ask is that many monitoring deployments place the wire access device (e.g., a tap) between the border router and your firewall. If you have Ethernet to your ISP, you could place the tap in front of your border router. This scenario would provide visibility to traffic addressed to the Internet-facing interface of your border router. You could monitor for attacks against the router without having to tap a T1 or DS3 connection.