OOC: Phoenix Rising, Out of Character thread for the runners Options

[Little Johnson]

it would be the node you are sniffing i would think. how would they ever detect you otherwise.

[Oenone]

The thing is, they generally can't. Listening into someones communications isn't the same as actually altering them.

Now when DD tries to actually look about their system /then/ it can try detect her, but if she was just reading the incoming and outgoing traffic without changing anything then they'd have no clue she was doing it (at least not if the tap being fitted was done properly, which we can assume it was as Gecko got a majorly good roll).

[crizh]

how would they ever detect you otherwise.

Well precisely. It's supposed to be hard to spot.

Really you don't get to make a Perception Test to spot the tap until you have some sort of reason to suspect a tap and go looking for it. Even then you have to work your way through the whole system one node at a time to find the one that has been compromised.

At least you have the opportunity to prevent eavesdropping with a wired system. You can keep the wires and the nodes physically secure and there is a possibility of spotting the tap once it has been established.

In contrast to a wireless tap which cannot be detected at all.

[bmcoomes]

Thing is I'm not sure that is how it works.

Intercept Traffic is for wired comms. Imagine you have three nodes, two that are communicating and a third that is merely the telecommunications hub between them.


A-------------HUB------------B


Like so. You can Intercept Traffic between A and B by running sniffer on HUB. You can only detect the Intercept by making a Matrix Perception test whilst accessing HUB.

What we've done is inserted my commlink thus.

A----------TAP-----------HUB-----------B

This allows DD, who I'm allowing access to traffic to run Sniffer in her own Comm-link on the traffic passing through our network which I've physically inserted into the data-stream.

The Spider can detect her Sniffer program but only if he has access to her comm-link. Which he doesn't unless he wants to hack his way through mine.

This is a vary good explanation Crizh. The way I understand it though is that the sniffer program is running on the HUB node not the commlink. That is whats being detected not the tap it self. The other way if you "reroute" the traffice flow through the commlink then the IC which part of the flow would end up on the commlink and have a chance of seeing "hay I'm not on the hub but another node"

Plus this is what I'm seeing, on A there is a spider on B there is a Spider but on the hub they have an IC/Agent program running. With the IC/Agent running through the HUB scanning and analyzing the HUB constantly.

but hay I could be totally wrong.

Brent

[crizh]

I know it's all future-tech and all but it does rather mirror modern networking and the internet.

You don't really have any awareness or control over where packets go once you have transmitted them other than specifying their destination. These guys have done the only thing you can do which is to create a dedicated link between the machines in question.

IC is aware of anything in it's node or attempting to access it. It would certainly get a Perception check as soon as we try to access it's node but until then it would be unaware of us.

It doesn't travel about with the data. I suppose a Databomb would but it wouldn't be 'aware' until we opened it.

[bmcoomes]

Well, I'm going to bust out my book-fu from my US Navy days.

"In order to intercept traffic between any two nodes or users, you must first have access to a node that the traffic passes through. For example, to intercept a comcall between a Mr. Johnson and his lackey, you either need to compromise one of their commlinks or gain access to the Matrix nodes that the comcall passes through (which could be a challenge unto itself ). Note that this action only applies to traffic passing through a wired medium; for wireless traffic, see Intercepting Wireless Signal, p. 225. The gamemaster may also require you to succeed in a Computer + Browse Test to locate the traffic flow you seek to intercept."

OK, here with the first paragraph. You have to hack into the node that the data is passing through. Add if it's a bundle line then you need a Computer + Browse test to find the one you want. And what an Optical Tap does is gives you the ability to access that node the data is passing through or even possible access to the other two nodes.

"To eavesdrop, make a Hacking + Sniffer Test. The hits you score are the threshold for anyone to detect your tap with a Matrix Perception Test. Taps of this nature are difficult to detect. In order for someone to detect interception of his wired traffic, he must make a Matrix Perception Test in the specific node on which the Sniffer program is running."

Now that you have access to the data you can eavesdrop, buy making a Hacking + Sniffer test. There hard to detect because normally no one checks there wired line for intrusion. As above they have to be on the node that is being hacked to make a matrix perception test. With an IC program running on the node it does provide a chance to detect whats going on.

"Intercepted communications can be copied/recorded without any additional tests. If the hacker wishes to block some
parts of the traffic or add in his own, he must make a successful Computer + Edit Test (see Edit, p. 218). If the hacker wants to insert faked traffic, so that it looks like it comes from one party or the other, he must beat the recipient in an Opposed Test between his Sniffer + Hacking and the target’s Firewall + System. Note that some communications may be encrypted. In this case, a Decrypt action (p. 225) is necessary to capture and decode
the traffic."

It paragraph talks about your options once you have access to the data and what test it takes to get that done.

So my ruling is as follows:

An optical tap provides access to an inaccessible node. From there you can hack that node by normal means "on the fly" or "probing the target". Again this is normally very easily done because the the matrix attributes of that device is much lower than either node it connects now in the real world a cable would not be a node with full attributes in the game world to facilitate the story and balance everything does. Now that your in you can sniff out the data flow by the sniffer program which filters the data through it. So here the device only gets a matrix perception test if there is someone or thing on the node to perceive it.

Now I'll like everyone to weigh in on this and well can move forward with either changes or as I've explained it.

Brent

[Shalimar]

Its all over my head like the rst of the matrix rules. I'll stay where things are nice and simple in the mana end of the pool. I am curious though as to whether or not Jake can help DD with this stuff.

[bmcoomes]

I've always been two heads are better than one, It's be more of a die pool bonus than any else but at lest it's something.

Brent

[Zaranthan]

Having cross-checked the book for any misquotation (and found none), I find your interpretation fair and insightful aside from one point: I don't see how the cable needs to (or if it even can, for that matter) be treated as a node. I'd say the tap gives you the wired equivalent of a Spoof, so the IC would reside in a node at the end of the cable, and would roll its matrix perception against the transmission itself. Success (against the sniffer threshold) would reveal the hacker's commlink on the other end instead of the expected node.

[bmcoomes]

Having cross-checked the book for any misquotation (and found none), I find your interpretation fair and insightful aside from one point: I don't see how the cable needs to (or if it even can, for that matter) be treated as a node. I'd say the tap gives you the wired equivalent of a Spoof, so the IC would reside in a node at the end of the cable, and would roll its matrix perception against the transmission itself. Success (against the sniffer threshold) would reveal the hacker's commlink on the other end instead of the expected node.

This is way I ask for input, to catch things and so we all have a mutual rule set we want to use to have fun with and that the whole point.

I was thinking that way too, or even just use a dumb device rating for it. But I like the next part to tie it in with the RAW.

Lets what else people have to say and we may use that change.

Bnret

[DWC]

I like the idea of treating the tap as a virtual node, since the device connected to the tap essentially interposes itself between two previously hardwired nodes.

While it's technically not between the nodes passing traffic through it, any traffic going down the line past the tap can either be left alone, or edited, as if it were running through a hijacked node. Requiring the two original end nodes to detect the edits the same way they'd detect spoofed traffic seems consistent enough for me.

[crizh]

"In order to intercept traffic between any two nodes or users, you must first have access to a node that the traffic passes through. For example, to intercept a comcall between a Mr. Johnson and his lackey, you either need to compromise one of their commlinks or gain access to the Matrix nodes that the comcall passes through (which could be a challenge unto itself ). Note that this action only applies to traffic passing through a wired medium; for wireless traffic, see Intercepting Wireless Signal, p. 225. The gamemaster may also require you to succeed in a Computer + Browse Test to locate the traffic flow you seek to intercept."

You must somehow gain access to a node the traffic passes through. Traditionally you would do this by Hacking a device that was already part of the Network.

Alternatively you can use an Optical Tap to add a new Node, that you already have access to, into the traffic flow.

As the existing Network has no Software Assets in this new Node it is unable to attempt to discover the Sniffer program running on it. Sniffer doesn't alter the transmitted packets, it merely observes them. With a successful Computer + Edit test you can delete another Nodes traffic or insert Normal traffic of your own which would allow you to try and hack or spoof a Node on the Network. If you try to pretend to be one of the Nodes already on the Network the receiving Node gets a chance to spot that the traffic is faked. Similarly a Hack attempt has the usual chance of being detected.

What you could do is allow IC or a Spider to run 'Detect Wireless Node' on a Wired Network. By constantly probing the Network for new nodes that don't belong there you would be able to tell when a new device had been attached. It wouldn't be easy, the threshold for detecting hidden nodes is 15+, but it would be do-able and makes sense rules and fluff-wise.

(I personally might house-rule the threshold to be 14 + Firewall as a hidden Node is actively trying to stay that way. The higher it's Firewall the less chance there is of it stupidly revealing it's presence in response to a port-scan.)

The system will get a chance to detect DD and it will probably succeed but it shouldn't get one until she does something. All she's doing so far is eavesdropping, if she hasn't changed anything then the system should not, logically, have any chance of detecting her presence.

Yet.

[Fuchs]

It sounds logical that one would "create" the node one runs the program on by installing a tap.

We could post the question on the main rules forum, and see what the devs say?

[crizh]

We could post the question on the main rules forum, and see what the devs say?

Or start a 20 page flame-war. (IMG:style_emoticons/default/grinbig.gif)

Seriously though Brent, if your concern is to run the rules as written to the best of your ability then that is the way to go. There are a number of people on the boards with a far better grasp of these rules than I'll ever have, notably Frank Trollman.

Or you could just make a ruling and we could squeeze in some more play before you leave. I'm easy either way, I only brought it up because you asked us to keep you straight and I'm pretty sure what I posted above is the way the rules are meant to work.

[bmcoomes]

Or start a 20 page flame-war. (IMG:style_emoticons/default/grinbig.gif)

Seriously though Brent, if your concern is to run the rules as written to the best of your ability then that is the way to go. There are a number of people on the boards with a far better grasp of these rules than I'll ever have, notably Frank Trollman.

Or you could just make a ruling and we could squeeze in some more play before you leave. I'm easy either way, I only brought it up because you asked us to keep you straight and I'm pretty sure what I posted above is the way the rules are meant to work.

Right and I respect that. So we can move forward I'm going to run it like this: The tap becomes a matrix node and it can be used as a means to exploit the network. like you said it has no chance to detect the hacker but does have a chance to detect the new node although a hard one. from there it's game on. If we are fine with that I'm ready if you guys are to move forward. I'd like to get this done before I hunt some deer and elk.

thanks,

Brent

[Fuchs]

Sure. So, no edge spoent so far then, and we got the transmissions decrpyted, and looking for specific data then?

[bmcoomes]

right, upstream is the facility nexus and downstream is FT. Lewis nexus.

You can hack the facility by on the fly or prob the target a user level can copy, delete, and edit the files you need.
If Jake is helping you get a +2 die pool modifier for ether test, and He half's the interval with prob the target.

Brent

[Fuchs]

Probing the target is the way to go in this case then.

[bmcoomes]

that will be a Hacking + Exploit test (12, 1/2 hour in vr) You get +2 w/ jack and +2 in VR.

Brent

[Fuchs]

Posted, got 12 after two rolls, so one hour.

[crizh]

Eyes and groin. Amen brother.

I just watched the first ep of series 4 of The Unit. That line made me lol so loud my wife came to find out what was so funny....

[Fuchs]

Also, don't forget, in case the run goes south, that we might nab the data if they try to copy it through the link we tapped.

[Coldhand Jake]

Having some friction at home, so posts are somewhat sporadic. Apologies.

[crizh]

Don't sweat it.

Real-life always takes precedence.

[DWC]

Just noticed that I forgot to roll the infiltration test for the wetwork drone to avoid being spotted.

Command+Infiltration 12d6.hits(5)=5
-4 penalty to percievers due to chameleon coating