Hacking on the fly, I'm doing this wrong, aren't I? Options

[Jhaiisiin]

So with Hacking on the Fly, I've come to realize just how difficult it can be. If I understand the rules, once I'm detected as an intruder, the system stops accepting commands from me and/or boots my ass out of the system. If I'm a hacker running an average (Rating 4) Stealth program and hitting a system with a Firewall+Analyze pool of say 9 (not a crazy system), chances are I'm detected at the same time or before I finish hacking into the system.

The other night, we had our technomancer trying to break into an admittedly, very secure system and hacking on the fly only worked once out of like 10 times. She had her Stealth threaded up to 8 I think, but was only managing to toss a meager amount of dice at the rating 7 firewall.

Is this normal? Do you need more info from me? Am I misunderstanding the rules?

[Karoline]

Lets see... first off being detected doesn't automatically kick you out, it just means the spider is going to be alerted and you're going to be fighting against some ICe but that is about the extent of what usually happens.

Second a rating 7 firewall should (According to the book) be exceptionally rare (Like cutting edge military rare) though this varies some from group to group as several on these threads think that the max 6 rating and exceptionally rare on rating 7 stuff only applies to CG. (I think this is fairly ridiculous because if you run it the way they do there is no reason even a small corp shouldn't have double digit firewalls, but that is beside the point) and so isn't something you're generally going to see much.

Thirdly, yeah, if you can't get through a firewall in one or two rolls the rules are basically set up so that you'll be found out. I think this is to encourage cybercombat and prevent every two bit hacker being able to get into a system on the fly in a second and then not be worried about all the fancy and expensive ICe running around a high grade system.

[Ryu]

So with Hacking on the Fly, I've come to realize just how difficult it can be. If I understand the rules, once I'm detected as an intruder, the system stops accepting commands from me and/or boots my ass out of the system. If I'm a hacker running an average (Rating 4) Stealth program and hitting a system with a Firewall+Analyze pool of say 9 (not a crazy system), chances are I'm detected at the same time or before I finish hacking into the system.

The other night, we had our technomancer trying to break into an admittedly, very secure system and hacking on the fly only worked once out of like 10 times. She had her Stealth threaded up to 8 I think, but was only managing to toss a meager amount of dice at the rating 7 firewall.

Is this normal? Do you need more info from me? Am I misunderstanding the rules?

A system that detects an intruder will react according to the "Alert Response Configuration" (fancy name for the table that says log off / reboot / call IC / call decker). Most IC is not able to touch your Stealth 8 TM, so a few reactions don´t pose a problem.

The rating of Stealth is so important that you should always have it at the best possible rating. As a GM, try to select device ratings according to the sample device rating table, always. Having R6 systems as a standard writes hackers out of the hacking game.

[JoelHalpern]

I jsut ran a couple of brief matrix encounters.
As I read it, if you are detected trying to do a fast hack, the system goes on alert and has IDed you as the cause of the alert. WHat it does then depends upon what it is set up to do. In my case, it called in IC.
THe thing that makes the IC tougher is that for avoiding damage the roll is response + firewall. And the alert is defined to add 4 to the firewall. So the IC has 4 extra dice to getting hit in cybercombat. On a major node, with 6 Firewall, 6 Analyze (which is why it spotted you), 6 response, and grade 6 countermeasures, you are going to be facing very tough odds. However, it should be noted that this is a very high end node. Note super-secret, but a significant corp that wants to keep something secret.

(The odds of being detected in a lower grade node depend significantly on what your GM thinks is normal. For most corporate nodes, and other valuable resources, I tend to assume a Firewall 6 and Analyze 6(optimize 3). Which means that even on a grade 4 node, the node is making a 10 die extended test to spot you. Even with a 6 Stealth, and decreasing die pool, the node will probably find you in 3 combat turns. If you are going for Admin access, you probably take at least that long to get the 12 successes you need.)

Yours,
Joel

[Jhaiisiin]

Lets see... first off being detected doesn't automatically kick you out, it just means the spider is going to be alerted and you're going to be fighting against some ICe but that is about the extent of what usually happens.

Okay, somewhere I'd read that the node stops accepting commands from the intruder, which if there are no Spiders in the system, makes it so you can't do anything anyway, so logging off and trying again seems like the only course you have available. Or am I not up to speed on hacker rules still? (I used to play the right hand gunbunny all the time, this hacking is new to me)

I was also under the impression that once the system identifies you and triggers an alert, it directs forces to your location (be they IC or a Spider or what not). And if the system knows you're there, how is it that it doesn't paint a huge red arrow on you so everything else can see you?

Second a rating 7 firewall should (According to the book) be exceptionally rare (Like cutting edge military rare)

It was a military node, and we didn't have a choice but to go after it. Unfortunately, the TM in the group is not crazy optimized, so the dice she is throwing around isn't all that impressive.

Thirdly, yeah, if you can't get through a firewall in one or two rolls the rules are basically set up so that you'll be found out. I think this is to encourage cybercombat and prevent every two bit hacker being able to get into a system on the fly in a second and then not be worried about all the fancy and expensive ICe running around a high grade system.

But doesn't the IC/Spider/etc see you now that the system has identified you?

[Tymeaus Jalynsfe...]

Okay, somewhere I'd read that the node stops accepting commands from the intruder, which if there are no Spiders in the system, makes it so you can't do anything anyway, so logging off and trying again seems like the only course you have available. Or am I not up to speed on hacker rules still? (I used to play the right hand gunbunny all the time, this hacking is new to me)

I was also under the impression that once the system identifies you and triggers an alert, it directs forces to your location (be they IC or a Spider or what not). And if the system knows you're there, how is it that it doesn't paint a huge red arrow on you so everything else can see you?


It was a military node, and we didn't have a choice but to go after it. Unfortunately, the TM in the group is not crazy optimized, so the dice she is throwing around isn't all that impressive.


But doesn't the IC/Spider/etc see you now that the system has identified you?

Once an alert is triggerred, the response 0f the system is dictated by its ARC...
Assuming you are still running your stealth program, the incomming IC and SPiders still need to make a Matrix Perception Test contested by your stealth roll once they arrive to identify you. Once you are identified, they no longer have to ID you to interact with you... It is always a good idea to have a high Stealth and a distraction for when you trigger an alert... say a moderate level Bait Worm or Agent to intercept the IC/Spider response... If you can remain hidden, they will go after the obvious things while you maneuver around them...

Logging off and retrying the Hack atempt may or may not work depending upon how long the system remains on alert...

Keep the Faith

[JoelHalpern]

Once an alert is triggerred, the response 0f the system is dictated by its ARC...
Assuming you are still running your stealth program, the incomming IC and SPiders still need to make a Matrix Perception Test contested by your stealth roll once they arrive to identify you.

The Rules as Written seem slightly unclear to me about this. It seems to me that the system generating the Alert has IDed you, and can then direct the response to you. In part, the reason I conclude that the intruder is identified is (from BBB pg 222) " A node on alert receives a Firewall bonus of +4 against the intruder that triggered the alert." That fact that it is specific would seem to mean you are identified. Since the only reason the Firewall is relevant is either if you start over hacking, or you are being attacked by IC (or spider), it seems that this is intended to help the IC (or spider). But if they have to roll their own detection, then most IC will never find a competent (6 Stealth) hacker. Even a spider in full VR needs some luck.

Yours,
Joel

[Karoline]

The Rules as Written seem slightly unclear to me about this. It seems to me that the system generating the Alert has IDed you, and can then direct the response to you. In part, the reason I conclude that the intruder is identified is (from BBB pg 222) " A node on alert receives a Firewall bonus of +4 against the intruder that triggered the alert." That fact that it is specific would seem to mean you are identified. Since the only reason the Firewall is relevant is either if you start over hacking, or you are being attacked by IC (or spider), it seems that this is intended to help the IC (or spider). But if they have to roll their own detection, then most IC will never find a competent (6 Stealth) hacker. Even a spider in full VR needs some luck.

Yours,
Joel

That is because the system itself is going "Darn, I really need plug up this hole that the hacker came through, so I'm going to focus all my firewall efforts on that." which is what causes the penalty. The system doesn't know where exactly the hacker is, only where they cam in from, so yeah, the defenses still need to find the hacker. And yes, it does require some effort, but since the IC/Hacker can sit there and do two (or is it three?) perception checks an IP, it isn't going to be long before they get lucky and spot the hacker. This is even more true if they use aid another with a spider and a couble IC programs helping him out.

[JoelHalpern]

That is because the system itself is going "Darn, I really need plug up this hole that the hacker came through, so I'm going to focus all my firewall efforts on that."

(removing guesses about the odds of spotting someone...)
THe problem I have with this view is that the text says that the bonus is against the target who triggered the attack. Even if another hacker is coming in at the same time, there is no bonus on him. And the bonus applies to all uses of firewall.

So, while from a realism perspective what you say makes good sense, it does not seem to match the rules / mechanics we have.

Yours,
Joel

[Karoline]

(removing guesses about the odds of spotting someone...)
THe problem I have with this view is that the text says that the bonus is against the target who triggered the attack. Even if another hacker is coming in at the same time, there is no bonus on him. And the bonus applies to all uses of firewall.

So, while from a realism perspective what you say makes good sense, it does not seem to match the rules / mechanics we have.

Yours,
Joel

Why not? Another hacker is going to come in from a different point, and that entry point won't be noticed by the system if the hacker does so without tripping the alarm.