Which of the following is NOT a method of botnet detection?

Study for the FedVTE ISSMP Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Employee email monitoring is not a recognized method for detecting botnets. Botnets typically operate by using a network of compromised computers that communicate with a command and control (C&C) server. To detect botnet activity, methodologies focus on network behaviors, patterns, and anomalies indicative of such malicious networks.

Sniffing traffic on common IRC ports, for instance, helps in identifying unusual communication patterns characteristic of botnets that often use Internet Relay Chat for command and control. OS fingerprinting is a technique used to identify the operating systems of devices on a network, which can provide insight into network vulnerabilities that botnets may exploit. Employing honeypots is another technique where decoy systems are set up to lure in botnet members, allowing security professionals to monitor and analyze behaviors indicative of botnet activity.

In contrast, monitoring employee emails primarily focuses on communication within the organization rather than detecting network-wide threats such as botnets. While it can help in identifying phishing attempts or the spread of malware through email, it does not provide the necessary visibility into the network behaviors that are essential for effective botnet detection.
