Another hacking question, how to handle.... Options

[Sesix]

I was wondering when my hacker goes on his run to start scooping out nodes and such should I be throwing him into matrix intiative each time? If not how do others gm the whole hacking process?

[BishopMcQ]

It depends on how critical things are--if the hacker has triggered an alert, then yes I generally have them in actions and Matrix Initiative. If they are just scanning, sniffing, and probing, then I don't use Initiative.

[Sesix]

Ok that makes sence. So another question then, when the system gets the free scan to see if it detects the intruder is that a threshold of the players Stealth program? Or does he roll his stealth and the system sees if he gets more net hits to detect?

[Yerameyahu]

The target node gets one free Analyze + Firewall (hacker’s Stealth) Test when you first log on with the hacked account. If the node detects you, an alert is triggered (Alerts, p. 238).

That's a simple test with a DP of (Analyze + Firewall) and a Threshold of (hacker's Stealth).

Stealth is rolled as part of an *Opposed* Test for Matrix Perception, though. (IMG:style_emoticons/default/smile.gif)

[Sengir]

It's not an Opposed Test, so the threshold indeed is the intruder's program rating. Note that normal matrix perception tests are Opposed Tests, however. So a spider or IC has a better chance at detecting an intruder.

[Sesix]

So I need to be throwing IC for security systems more.

That also means most systems out there the hacker is going to break into no matter what with mostly no detection, doesn't it?

[Yerameyahu]

It depends, but yes: a solid investment in Stealth means you *usually* won't get detected on the way in.

[SpellBinder]

So I need to be throwing IC for security systems more.

That also means most systems out there the hacker is going to break into no matter what with mostly no detection, doesn't it?

Yeah, kinda depends. Especially if anyone is foolish enough not to have invested in a good quality Analyze program to run 24/7/365.

But don't forget that odd activity from whatever is hacked can also draw unwanted attention. Considering the "Game Set Match" fiction in the SR4a book, IIRC the University hacker only came to check things out the drone Netcat & Slammo! were hacking was acting strangely.

Just because a hacker gets in undetected doesn't mean he can't F-up later by causing something else that will be noticed.

[Saint Sithney]

Game Set Match has multiple rules violations, and still it's the best we get for an actual example of how hacking works.

As far as I'm concerned, we've been given no full system of matrix rules, just a bunch of matrix suggestions.

There needs to be a book that tells players, "this is how you ____" so that there can be actual codification.

[Epicedion]

What would really be nice would be examples of several different kinds of nodes, the operations they contain at what access levels, and the agents they run.

[Sengir]

So I need to be throwing IC for security systems more.

That also means most systems out there the hacker is going to break into no matter what with mostly no detection, doesn't it?

Well, there's a reason why the most secure systems are called glaciers, icebergs, or other IC-y allegories. (IMG:style_emoticons/default/wink.gif)

And in every decently secured system, the node accessible from the outside will merely be a gateway from which other nodes can be accessed. Only an intruder who gets past the gatekeepers in that node can gain any value from his intrusion.

@Sithney: Examples of those violations?

[Mr Clock]

I found this very helpful in thinking about how to lay out a Matrix system:

http://pavao.org/shadowrun/miscellany/example_matrix.pdf

[SpellBinder]

Game Set Match has multiple rules violations, and still it's the best we get for an actual example of how hacking works.

Yeah, I know that from another thread discussion on the Nuke attack program, the same kind Slammo! uses on the university hacker.

But the point I was trying to make was that detecting a hacker's activity isn't necessarily going to be limited to just the Analyze program. If odd information starts popping up on your AROs, or that security drone has been standing in one spot for too long rather than moving on in its patrol, it could be a hacker at work. Granted software/hardware malfunctions are also possible, but a hacker still cannot be ruled out, and either way will still garner the attention of a living security person.

[BishopMcQ]

The Runner's Toolkit will have the Anatomy of a Shadowrun. That should be very helpful for understanding how the rules and fiction come together.

[noonesshowmonkey]

Any decent node that holds information of consequence (ie paydata) should have at least one IC that runs 24/7 and is loaded with a high rating Analyze program. Load the same IC with Track and Stealth and you have a nasty little IC capable of calling friends in on the hunt.

In an old thread, I designed a few IC that I thought were appropriate for various tasks a node might be interested in. Used in combination, my Ares U-Boat and Neonet Beagle Probe IC are quite devastating. The Probe can ID an incoming hacker and begin a trace-route while calling in a wolf-pack of several U-Boats.

[Yerameyahu]

There are also IC examples in Unwired. Convenient, if less optimized.

[Sesix]

ok so whats the limit on the program rating a bit of IC can use?

[noonesshowmonkey]

There are also IC examples in Unwired. Convenient, if less optimized.

Theres a few things in Unwired which look an awful lot like that document I made.

[noonesshowmonkey]

ok so whats the limit on the program rating a bit of IC can use?

The Pilot rating of an Agent limits the highest rating of a program that can be loaded as payload.

[Mr Clock]

And as the IC has to run on the node it's in, the maximum rating of any of its programs is equal to the node's System.

[Sesix]

And as the IC has to run on the node it's in, the maximum rating of any of its programs is equal to the node's System.

Which is limited by the response of the device? Or as Im reading it, the device can still have a high system, but with a low response the system = the response of that node. And if that is the case, why ever have a system higher then your response?

[Yerameyahu]

I'm not sure if you're even allowed to run an over-high System (with the intent of it auto-scaling down), although it's not really a dangerous abuse to do so. (IMG:style_emoticons/default/smile.gif) Just a technicality.

[Mr Clock]

Sesix: you are correct. The only reason I can see for having System higher than the Response would be to plan ahead in case of upgrades or System-degrading attacks.

[sabs]

I'm not sure if you're even allowed to run an over-high System (with the intent of it auto-scaling down), although it's not really a dangerous abuse to do so. (IMG:style_emoticons/default/smile.gif) Just a technicality.

It specifically says in SR4A that system scales down to the base Response of the node.

[Yerameyahu]

Ah, well there you go. (IMG:style_emoticons/default/smile.gif) I thought it might say that System was *limited* to it.