Spoofing Account ID Options

[LukeZ]

If I log spoofing my Account ID and using the Account ID of the Admin a certain system, then
I log on my commlink and open a subscription on the target's node system.
While there, the real Admin enter the node.
What happens then? Are we both disconnected?

If we are not in the same node, but in two different nodes "near" to each other and a communication goes to his Account ID, what happens?
The communication goes to my spoofed Accound ID as well?

And if we are in "distant" nodes?

[Neraph]

I can't really understand your post very well.

If you're asking about spoofing your way to an existing user's Admin account, I'm not sure how that works. Generally, though, when hacking into a system, a new Admin account is created so problems like the ones you pose don't come up.

[LukeZ]

I can't really understand your post very well.

If you're asking about spoofing your way to an existing user's Admin account, I'm not sure how that works. Generally, though, when hacking into a system, a new Admin account is created so problems like the ones you pose don't come up.

I spoof the Account ID of the Admin's Commlink.
Then we both log in to the same node at the same time.
What happens? Are we both disconnected?

[sabs]

It woudl be called an AccessID, not an AccountID.

[TommyTwoToes]

I can't really understand your post very well.

If you're asking about spoofing your way to an existing user's Admin account, I'm not sure how that works. Generally, though, when hacking into a system, a new Admin account is created so problems like the ones you pose don't come up.

Spoofing the Admin can give very different results when the security guys do an audit. Rather than <invalid user> logged in, took a bunch of files, edited some video footage and logged out, they instead get Bob, the Manager down in IT security took some files on a Sunday night and edited some video footage.

As long as you are taking actions that Bob is authorized to do, you don't even need to roll Hacking. You are using valid commnads for Bob.

[Yerameyahu]

Spoofing is for a single command; without other alterations, you wouldn't receive feedback, but the real user would.

[TommyTwoToes]

Spoofing is for a single command; without other alterations, you wouldn't receive feedback, but the real user would.

Excellent point. I hadn't considered the one-way nature of that.

[Yerameyahu]

The OP question is valid, though, because you can manually alter your Access ID (either via hacking or hardware). In that case, it's not one-way; in response to that question, "A firewall will, for instance, instantly block access to multiple icons using the same access ID." The second user would not be allowed to Log On.

Sorry for the confusion, I initially misread the question. (IMG:style_emoticons/default/smile.gif)

[sabs]

The OP question is valid, though, because you can manually alter your Access ID (either via hacking or hardware). In that case, it's not one-way; in response to that question, "A firewall will, for instance, instantly block access to multiple icons using the same access ID." The second user would not be allowed to Log On.

Sorry for the confusion, I initially misread the question. (IMG:style_emoticons/default/smile.gif)

So it's a fun way to kick an admin out of the node he's defending?

[Yerameyahu]

No, AFAIK you'd be prevented from logging on if the admin was there in the node. Remember, too, that account rights can be applied by node-of-access, password, etc.; Access ID is just one option.

[LukeZ]

The OP question is valid, though, because you can manually alter your Access ID (either via hacking or hardware). In that case, it's not one-way; in response to that question, "A firewall will, for instance, instantly block access to multiple icons using the same access ID." The second user would not be allowed to Log On.

Sorry for the confusion, I initially misread the question. (IMG:style_emoticons/default/smile.gif)

I'm sorry for not being clear the first time and for using the wrong word (Account ID -> Access ID) (IMG:style_emoticons/default/smile.gif)

[LukeZ]

So if I'm using someone else Access ID and we both are logged in (but in different nodes), what happens if a message is sent to his Access ID (or to his commcode registered through an MSP to his Access ID)?
Do we both get it?

[Yerameyahu]

No worries, I misread. (IMG:style_emoticons/default/smile.gif) Now, to attempt to finish answering your question:

The firewall only stops a duplicate from logging on to the node (i.e., 'present' in the node with one's icon). Like you say, this isn't the same as just having a subscription to that node. If neither you (with spoofed Access ID) nor the real admin (with identical real Access ID) are in the node, then I'm not sure. (IMG:style_emoticons/default/smile.gif) Presumably, the node *could* allow multiple subscriptions (and certainly commands/data requests) from the same Access ID; there are some legitimate situations where this could happen.

In that case, the node would (IMO) blindly function normally; your subscription would do what it's supposed to, while the real admin's subscription would do its own thing. The 'wires' would not get crossed with *pre-existing* subscriptions.

Finally, you raised a third issue: if someone calls the node and says, 'send this message to Access ID #xxx', where would the node send it? Honestly, I'm not sure. (IMG:style_emoticons/default/smile.gif) AFAIK, we really aren't told how routing works in Matrix 2.0. Logically, this kind of hand-off request must happen constantly, and if a node had two options, it could send to both or neither. :/ Note that Persona Access ID isn't the same as node (device) Access ID.

Personally, I recommend that you not get *too* realistic or technical with the Matrix rules. If you think it's cooler/better/etc. for traffic to be duplicated, tell your players that's how it works and be consistent. If you'd rather require Capture Network Traffic actions for that kind of traffic hijacking, do *that* instead.

Another good question. It appears that devices are registered with the MSP in order to connect to the commcode. Presumably, this means you tell the MSP your *device* Access ID(s), and it receives and relays commcode calls. In that case, spoofing the device's access ID could let you receive someone's calls, whether they originate via commcode or direct device Access ID (as always: IMO). To prevent this, the nodes could be configured to require authentication of some kind (as simple as a password, as complex as a biometric).


(This is all just my best guesses and memory of the rules; I could easily be wrong. (IMG:style_emoticons/default/biggrin.gif) I know this post is a mess, but I haven't the time to edit just this moment. (IMG:style_emoticons/default/smile.gif) )

[suoq]

It occurs to me that, if I'm reading you correctly, spoofing a logoff command and then logging in as the admin would definitely alert the admin, but the firewall may keep the admin from logging in.