Hacker News
Ask HN: How to monitor a compromised server in real time?
3 points by malandrew on June 21, 2013 | 2 comments
These days there is a lot of discussion on how to secure servers and communications. What I see missing from the advice is how to log unauthorized (and authorized) activity in real time to another uncompromised machine.

What services and open source projects exist to determine when a machine has been compromised and to collect evidence of the compromise in a real time way to be able to figure out what the attacker has done in a way that makes it much harder for them to cover their tracks?

For example, what can/could Sharyl Attkisson and the administrators at CBS and other journalism outfits do to discover they've been hacked and collect information on the hacking that would be a smoking gun to point to who was responsible and what they did while snooping around?



Riot, the company behind League of Legends, monitors malformed packets to detect various types of hacks. The idea behind it is that malformed (invalid) packets are a necessary precursor.


Do you have a link to an article that explains why malformed packets are a necessary precursor?



