What’s on your (ideal) border?
If you had a beefy Linux box with plenty of storage hanging on to your border router that can see all of your network’s ingress/egress traffic, what would you put on it? Why?
Let me know in the comments or via twitter!
I’m thinking some sort of netflow collector, maybe a layer 7 re-assembler. Full packet capture/logging perhaps?
