A subscription is a requirement, because a Spoof Command issues a Command, and only subscriptions can support such things according to Unwired.

Subscriptions and Data Requests are two completely different animals. (IMG:style_emoticons/default/wobble.gif)

I dunno. If a subscription is a requirement, spoofing anything is impossible. I read that bit about commanding drones (not devices) as referring to a persistent "sensible" connection that you *maintain* with your drones. It's not the same as being able to send a single command to a given device.

Except that subscriptions are only for two way links. They are a Fast, two way, maintained connection. Completely unnecessary for Spoofing.

Right.

TJ: Normally I think you have solid grasp of the SR rules. But I think in this one, you have a fundamental disconnect.

I see where TJ is going on this. Its kind of like a VPN connection. When the master and slave negotiate the connection, they are authenticating each other and making a secure tunnel between each other and only traffic using that secure tunnel, is valid.

This assumption, I think, is more between the lines then RAW. We can certainly argue both points. TJ is supported by the book saying a slaved node can only accept commands from the master node and the text saying you need access to the master node to send commands to the slave. That "feels" like there is a secure connection between the two that cannot be spoofed.

Ghost has a case, because nowhere in the book does it say spoof can't spoof, well, anything.

I think it comes down to how powerful you want to let the spoof command be and how tough you want to make slave nodes from being hacked...

I think it comes from the fact that it says you need to spoof the master then spoof the slave. It is using two different definitions for the word spoof. "Spoof the master" means 'spoof' as in 'pretend to be' while "Spoof the slave" means 'spoof' as in 'send a fake command'. When put together you 'pretend to be the master then send a fake command' which is covered in a single spoof action.

except that VPN is not a slave connection.

VPN is an encrypted connection, which is something completely different.
The way to cockblock spoof, is of course to encrypt your slave connection.

Then you need to:
Sniff the traffic
decrypt the traffic
spoof the AID
encrypt properly
spoof your command using your spoofed aid and the new encryption.

the exact wording is:
You can spoof the access ID of the master node, and then spoof commands to the slave.

It does not say:
You can spoof the access id fo someone with access to the master node, and spoof commands to the master that will be relayed to the slave.

You would still need to use spoof if you didn't have a security or admin access on the master node. It kind of goes back to what I was saying. You could hack into the master node as a user and then spoof commands to the slaves. Or, you could create a legitimate account in the master node and just send commands without fear of setting an alarm. Hacking the master node for a security or admin access to begin with is making it more difficult to get in without setting off an alarm.

READ page 55 of the book. It doesn't say any of those things. It says, hard hack the slave, hack the master, or spoof the slave.

You could also user hack the Master, and then use spoof to send commands to the slave.

How is this tunnel created? What prevents another device from sending something that looks like it came from the master? What method of identification above and beyond Access ID that cannot be duplicated is being used to confirm that something actually came from the master and not another source?

Now, I did just realize that for added security, you could encrypt the connection between master and slave, which would then require the encryption to be broken so that the hacker could properly encrypt the spoofed command so that it gets recognized properly by the slave.

Almost correct, but you don't need to spoof your AID as a separate action, that is part of what spoofing a command does.


That doesn't change anything. Just replace 'master' with 'access ID of the master node' and you still get 'pretend to be the access ID of the master and then send a fake command' which is still a single spoof action.

I never said anything remotely approaching that.

Sometimes, just sometimes, I miss the days when everything in the matrix was very standard, and you had rectangle data stores and hexagon CPUs and little triangle access points (IMG:style_emoticons/default/smile.gif)

double post again, freaking internet here is bonkers today.


On a side note, is there a way to delete a post?

Ghost, we're on the same side on this (IMG:style_emoticons/default/smile.gif)

I was talking to Deek and TJ who both DID say that.

I do admit, having a more abstracted system like that has its advantages, because you don't have people comparing it to real life. It also means somewhat less freedom though, so there is that.

I just want to make sure we're down to the following impassible barrier.

Side 1: "Spoof the Access ID of the Master Node" = Spoof the Master Node
Side 2: "Spoof the Access ID of the Master Node" = Get the Access ID of the Master Node

Any other points of contention?

No you got it in 1 (IMG:style_emoticons/default/smile.gif)

Ghost and I think that #2 is the right interpretation, TJ and Deek think #1 is.

I was just adding some information to support TJ and make a case that it made sense and could be interpreted this way. I would say that the tunnel creation is a part of the slaving a node process. That's all part of the setup and the effects of slaving a node. Obviously, its not spelled out in detail, but some of the wording used in RAW supports that.

I could also see you bypassing the whole thing and taking sabs (I think) point and taking a -6 to your spoof if the target is a slaved node. Then you could send whatever command you want using spoof. Just at a -6 die pool. And, you'd also have to know the master nodes AID, which is easy enough to get. A -6 to spoof is likely not a trivial matter for most.

I'm not saying either is right actually. But I do agree those are the 2 points of intention.

I can see where TJ is coming from and can read into some of the text to support that. I can also see where Ghost and sabs is coming from.

Personally, I'd prefer my players to feel safer when they slave their comm to the master hacker and not have to worry about being spoofed. That puts the spotlight on the hacker if someone is screwing around with hacking comms. And, I also feel that was the intention of the rules introducing slaving as an option. Not to make anything unhackable, but make it a single point of entry on a assumedly harder target.

PS: I do like the tag team debate going on here. It is rather enjoyable.

You need to define spoof in side one, because spoof has two major meanings 1) pretend to be 2) send fake command with fake credentials to. So, to further clerify:

Side 1: "Spoof the Access ID of the Master Node" = Send fake commands to the Master Node
Side 2: "Spoof the Access ID of the Master Node" = Get the Access ID of the Master Node (so that it can be used as part of the "Spoof a Command" action)
Side 3: "Spoof the Access ID of the Master Node" = Use Spoof to make yourself temporarily have the access ID of the Master node (And yet still have to spoof commands instead of sending regular commands)

I'm not entirely sure if TJ is on side 1 or 3 or both. I know that I am firmly in 2 because that is how the rules for spoofing a command work, and nothing in slaving says that spoofing works any differently from normal.

Note: I believe you would suffer the -6 penalty for the spoofing because you are using an admin account.

I think you are misunderstanding what spoofing is.
In Shadowrun, spoofing and hacking are two different things. In real life, of course, spoofing is one of the main tools of a hacker.

When you spoof, you are attempting to convince the recieving node that the sending node is a different node, such as the system that it's slaved to. It already has a subscription.
If you were to have a subscription you would have had to hack it, and there would be no point in spoofing.

Again, I am not confused here. I do know that the two tasks are completely different in Shadowrun. You cannot treat both Normal Nodes and Slaved Nodes the same for purposes of Spoof. And the Rules support that. (IMG:style_emoticons/default/wobble.gif)

And Ghost_in_the_System, Essentially Option 3 above (which is exactly what Unwired says). You are creating a temporary access remotely (using the Master Node AID) that will use the Master Node to communicate with the Slaved Node. The reason that this is necessary is because the Slaved node will not accept any other connections except that of the Master Node. You then use this temporary poiont of access (the Spoofed Master Node) to send that Spoofed COmmand to the Slaved Node. It is NOT a Hack, because you are not actually implanting anything on the Master Node at all. You are using its own protocols and subscriptions to gain your own ends.

The reason the Slaved node will not accept commands outside of the Subscription port that is subscribed, is because the Slave will forward ANY other connection attempts right back to the Master node. This is a result of how Subscriptions and Slaving interact. You cannot generate a Command connection without a successful Subscription. Slaved Nodes ONLY accept a such commands through the Subscription that the Master Node has established for itself (as it only needs the one).

Now, functionally, there are ways around that. The 3 discussed routes are the methods established on Page 55 in Unwired. Another possible method, which has been briefly talked about, is to completely disrupt communications in such a way that the subscription is disconnected. Then you can attempt to re-establish the connection using your own hardware and the Spoofed AID of the original Master Node. Thsi will, in theory, work, if you can pull it off. It is harder than you think it is to do so, however.

The only Surefire ways to do so are the 3 ways described in Unwired.

In any case, you should still suffer the -6 penalty to the Spoof attempt upon a Slaved Node becasue you have to do so with Administrative Access.

I continue this debate because, otherwise, Spoofing a Slaved node is no harder than spoofing a non-slaved node, and this is obviously NOT the intent of the rules as presented in Unwired. The Story in the SR4A Book, with Slamm-O! and Netcat, only uses Basic Rules, which does not include Slaving. If they were the same difficulty, then why have slaving at all, as there would be no functional difference?

Anyways... (IMG:style_emoticons/default/wobble.gif)

Sure you can. Tell me where it says you can't. Spoofing is not a connection, and does not require a connection, so don't try pulling out the connection thing again (Unless you can also tell me where is says that spoofing is or requires a connection)