IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Spoofing to bypass commlinks?
calypso
post Feb 28 2006, 10:19 PM
Post #1


Moving Target
**

Group: Members
Posts: 238
Joined: 18-August 05
Member No.: 7,569



So, I'm working on some generic system setups. You know... daisy-chained, master-slave setup, others I'm sure.

The most common, and the one advocated by the book, is the master-slave setup. The commlink is the master, and all of your other devices (cyberware, cameras, etc) are subscribed to it.

This has benefits: The (probably) better security of the commlink must be breached before a hacker can access your other devices, since your other devices will only talk to your commlink.

However, is it possible, using the Spoof Command option, to interface directly with someone's stuff by pretending to be their commlink?

Calypso
Go to the top of the page
 
+Quote Post
Darkness
post Feb 28 2006, 10:24 PM
Post #2


Moving Target
**

Group: Members
Posts: 297
Joined: 26-February 02
Member No.: 248



This is discussed here:
http://forums.dumpshock.com/index.php?showtopic=11835
Go to the top of the page
 
+Quote Post
calypso
post Feb 28 2006, 10:32 PM
Post #3


Moving Target
**

Group: Members
Posts: 238
Joined: 18-August 05
Member No.: 7,569



Thanks. That more or less confirmed what I thought, with the possible exception of: Sniffer. I was assuming it would go:

Device A will only talk to Device B, and vice versa.
Make a Spoof test against Device A so that it thinks I'm Device B, and do as I please.

However, I may have to include the following step (which was mentioned in that thread).

Make a Sniffer test to intercept and analyze their communications.

Calypso
Go to the top of the page
 
+Quote Post
mdynna
post Feb 28 2006, 10:39 PM
Post #4


Moving Target
**

Group: Members
Posts: 371
Joined: 10-January 06
From: Regina
Member No.: 8,145



I have been making my players make a successful Trace operation as well as the Intercept test as the rules specifically state that a successful Trace gets you the Commlink ID. Don't forget having to Decrypt the signals if they're Encrypted.
Go to the top of the page
 
+Quote Post
Darkness
post Feb 28 2006, 11:59 PM
Post #5


Moving Target
**

Group: Members
Posts: 297
Joined: 26-February 02
Member No.: 248



QUOTE (calypso @ Feb 28 2006, 11:32 PM)
Thanks.  That more or less confirmed what I thought, with the possible exception of:  Sniffer.  I was assuming it would go:

Device A will only talk to Device B, and vice versa.
Make a Spoof test against Device A so that it thinks I'm Device B, and do as I please.

However, I may have to include the following step (which was mentioned in that thread).

Make a Sniffer test to intercept and analyze their communications.

Calypso

IIRC correctly, it was mentioned in the thread given, that you have to use Electronic Warfare rules to find the correct wireless transmissions between A and B. Intercepting a wireless Signal (p. 225) includes an Electronic Warfare + Sniffer (3) test, so your assumption was right on target. ;)
Go to the top of the page
 
+Quote Post
TinkerGnome
post Mar 1 2006, 12:16 AM
Post #6


Dragon
********

Group: Members
Posts: 4,138
Joined: 10-June 03
From: Tennessee
Member No.: 4,706



There is nothing in the rules that lets you use spoof to get in the way of any subscriber link except for drones and agents.

Just thought I'd point that out.

If I were to allow it as a GM, I'd only allow the hacker to issue commands to the device and not really hack it. Anything you do with two way communication involved is going to tip off the real commlink that something is up.
Go to the top of the page
 
+Quote Post
calypso
post Mar 1 2006, 01:38 AM
Post #7


Moving Target
**

Group: Members
Posts: 238
Joined: 18-August 05
Member No.: 7,569



To say that a drone is different than any other Node is silly.

Anything that is communicating with something else is subject to a "man in the middle" attack. While it's true that spoofing commands to something isn't the same as having compromised it, it very easily can be.

1) If the thing with which it thinks it's communicating has account creation priveledges, then you can spoof the command.

2) Really, the only way such an attack, in this case, can be detected is if you say to Device A "Okay device, give me admin priveledges." Device A broadcasts "Okay!" Which both you AND Device B receive. Device B kinda goes "... huh? I didn't ask for that. ALERT!"

Calypso
Go to the top of the page
 
+Quote Post
TinkerGnome
post Mar 1 2006, 02:33 AM
Post #8


Dragon
********

Group: Members
Posts: 4,138
Joined: 10-June 03
From: Tennessee
Member No.: 4,706



QUOTE (calypso)
To say that a drone is different than any other Node is silly.

Not really. The only rules for using spoof to mess with a device are very specific to drones and agents. The drone gets to use its pilot program to resist the inserted command. This leads me to believe that drones really are different from most other nodes.
Go to the top of the page
 
+Quote Post
calypso
post Mar 1 2006, 03:27 AM
Post #9


Moving Target
**

Group: Members
Posts: 238
Joined: 18-August 05
Member No.: 7,569



If you want to do a strict reading of the rules, Agents don't have a Pilot rating.
Go to the top of the page
 
+Quote Post
TinkerGnome
post Mar 1 2006, 03:32 AM
Post #10


Dragon
********

Group: Members
Posts: 4,138
Joined: 10-June 03
From: Tennessee
Member No.: 4,706



QUOTE (calypso)
If you want to do a strict reading of the rules, Agents don't have a Pilot rating.

Huh?
QUOTE (SR4 @ p227)
Agents have a Pilot attribute just like drones

Go to the top of the page
 
+Quote Post
calypso
post Mar 1 2006, 03:45 AM
Post #11


Moving Target
**

Group: Members
Posts: 238
Joined: 18-August 05
Member No.: 7,569



Ah, right you are. I also think I now understand the argument for not allowing Spoofing. It only allows spoofing on things that are autonomous.

I believe I found what I wanted. Page 224:

QUOTE
Intercepted communications can be copied/recorded without any additional tests. If the hacker wishes to block some parts of the traffi c or add in his own, he must make a successful Computer + Edit Test (see Edit, p. 218). If the hacker wants to insert faked traffi c, so that it looks like it comes from one party or the other, he must beat the recipient in an Opposed Test between his Sniff er + Hacking and the target’s Firewall + System.


That (basically) allows a man-in-the-middle attack.

Calypso
Go to the top of the page
 
+Quote Post
Backgammon
post Mar 1 2006, 01:49 PM
Post #12


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



Not saying the point is moot, but a smart setup will be using a skinlink between slave nodes and his commlink. That means the slaves aren't wifi enabled, making them immune to wireless hacking. You'd HAVE to go through the commlink to get to them.
Go to the top of the page
 
+Quote Post
calypso
post Mar 1 2006, 03:46 PM
Post #13


Moving Target
**

Group: Members
Posts: 238
Joined: 18-August 05
Member No.: 7,569



Indeed. And I also expect that high security networks will still be wired, with no connection to the Matrix.

But I suspect that the majority of people are too oblivious to how it all works to have a secure setup. Just like in real life.

Calypso
Go to the top of the page
 
+Quote Post
Rotbart van Dain...
post Mar 1 2006, 04:17 PM
Post #14


Hoppelhäschen 5000
*********

Group: Members
Posts: 5,731
Joined: 3-January 04
Member No.: 5,951



QUOTE (calypso)
But I suspect that the majority of people are too oblivious to how it all works to have a secure setup. Just like in real life.

Especially when it is much cheaper and faster than digging up walls.

BTW, let's see whether Unwired features power line LANs. ;)
Go to the top of the page
 
+Quote Post
hobgoblin
post Mar 2 2006, 12:02 AM
Post #15


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



hmm, i wonder if MASER is still in fashion...
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 8th April 2020 - 01:53 AM

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.