Hello,

 

has anybody experience with botnet detection in isp networks? We want to use netflow data to handle this issue (no deep paket inspection).

Our idea is to match the netflow data with different command and control server blacklists. 

 

Do anybody know where I can find up-to-date lists for free or service companies who offer such a blacklist service?

 

Thanks for your help.

 

Kind regards,

Kay Ehrlich

envia TEL GmbH - an isp in Central Germany

kay.ehrlich@enviatel.de