

Ask HN: How to monitor a compromised server in real time? - malandrew

These days there is a lot of discussion on how to secure servers and communications. What I see missing from the advice is how to log unauthorized (and authorized) activity in real time to another uncompromised machine?

What services and open source projects exist to determine when a machine has been compromised and to collect evidence of the compromise in a real time way to be able to figure out what the attacker has done in a way that makes it much harder for them to cover their tracks?

For example, what can/could Sharyl Attkisson and the administrators at CBS and other journalism outfits do to discover they've been hacked and collect information on the hacking that would be a smoking gun to point to who was responsible and what they did while snooping around?
======
smartwater
Riot, the company behind League of Legends, monitors malformed packets to
detect various types of hacks. The idea behind it is that malformed (invalid)
packets are a necessary precursor.

~~~
malandrew
Do you have a link to an article that explains why malformed packets are a
necessary precursor?

