Botnets, ...Help? Options

[Modular Man]

There's still the issue that agents have built in Access IDs. This ID has got nothing to do with the node they're running on and is the same for every copy of said agent (which I assume is the case here, mass copied agents). A node only allows one agent to log on if more with the same ID try, even hacking won't get them in. This is all on page 102 in "Unwired" and roughly pictures your scenario.
Also, as said before, there's a limit on how many dice you get in teamwork. Usually, that's capped by the skill rating of the aided person, in case of an agent this would probably be his rating as he uses this instead of separate skills every time.
Mass and quick datasearches are easier and overall faster this way, of course. But I don't see a real issue of balance here as those are not as crucial as a mass hacking attempt. At the very least, to make it go faster you probably could get every agent his own archive to search. This way they bypass the interval for searches covering the whole matrix.
Having multiple packs of agents search for the same thing might give you the same results over and over. There's a limit on how many people can aid in a single test before it becomes ineffective. If you want to make multiple test, the searching packs are no longer linked to each other (because not doing teamwork any longer) - multiple results all over. Data floods can be a bitch.
Also, keeping a botnet safe and secret is way more difficult as it increases in numbers. A single agent might get exposed eventually. Does he really want this agent to carry sensible information like data search results or hacking attempts in case some authority figure takes a closer look? (IMG:style_emoticons/default/ork.gif)

Well, ninja'd by half a page. Damn, should've typed faster.

[hobgoblin]

If he's been going to all these dark alleyways in the Matrix, perhaps he's brought home an infection or two of his own?

Remember, anything the player can do to the world, the world can do to the player. (An ambush ambushed isn't very nice.)

And the world have in theory infinite resources, if the character becomes uppity enough. And characters in SR are criminals, not heroes (at least not in the eyes of the powers that be).

[hobgoblin]

Agents do not have the software skill, nor can they get it. So yes, quite illegal.

Indeed. It also stops hackers from running agent powered programming factories.

[Socinus]

I wish we had an example of how things like botnets worked the same way they do for things like char gen, when they actually step you through it in first-person mode.

[suoq]

I wish we had an example of how things like botnets worked the same way they do for things like char gen, when they actually step you through it in first-person mode.

My impression was that we do in Unwired. It's just that, really, they don't do much. Neither DOS or Mass Probe strikes me as that difficult. I don't believe they actually do anything else.

[Zarek]

Fortunately, with everyones help I have mostly figured out what happened. What he was calling a botnet, was not a botnet at all. Hence my inability to figure out what he was doing. At the end of the day, the problem comes down to he did something illegal with his agents to create something the rules were designed to prevent becuase he confused a botnet with a long term project to recreate the Agent Smith scenario.

There's still the issue that agents have built in Access IDs. This ID has got nothing to do with the node they're running on and is the same for every copy of said agent (which I assume is the case here, mass copied agents). A node only allows one agent to log on if more with the same ID try, even hacking won't get them in. This is all on page 102 in "Unwired" and roughly pictures your scenario.

This is detailed even further in pages 110-111 of Unwired on the section about copying Agents. I kept missing this section becuase it doesn't discuss botnets. However, I remember him having needed time to set this thing up. So I stumbled into what rule he used. At the bottom of this section it discusses that you can change the internal access ID of an agent with a week logic + software (rating x3, week) extended test.

What he had done illegally was in allowing agents to handle that extended test for him. Thus instead of creating about 6 new agents max (like what was mentioned previously) he had 2 agents could be copied that would become four, etc. He then used resources to build a Nexxi to store all these copies of uniquely ID'd agents. The reason I didn't know"which nodes they were on" is he jsut used a couple of cheap comms he bought to run the process and fully had thought these were free agents he could just copy wherever, like he normally could.

Becuase of the structure of Unwired, he thought that this was a botnet. In reality he was not using a botnet at all, but instead had almost revived the "Agent Smith" problem.

Then of course I kept hearing the term "botnet" so in turn I kept looking over the rules and trying to figure out how he got what he had.

My impression was that we do in Unwired. It's just that, really, they don't do much. Neither DOS or Mass Probe strikes me as that difficult. I don't believe they actually do anything else.

This is difficult, becuase you are totally right in that DDOS and Mass Probe are the only thing it provides rules for. However it heavily implies that a botnet can be used for more than that. On 88 the jackpointers recommend using botnets to manage a hacked traffic system, lower on the same page they discuss that corps use them to spead spam, ON 102 it discusses automating datasearches in the code zombie section, then on 100 there is this:

The botnet program contains a list of all the agents online and
connected through the botnet, with simple status symbols communicating
their effective Matrix attributes, current Matrix Condition
Monitor, payload, location, and what action they are undertaking.
With a Simple Action, the hacker can issue a command (see Issuing
Commands, p. 220, SR4) to any number of bots in the botnet.

Based on this I see no reason any common program loaded on the botnet couldnt be used to some manner.

Again thanks for all the help. My problem is halfway solved. Now I just have to go talk to my already angry hacker and tell him I'm ruling against him on yet another issue.

[hobgoblin]

This is difficult, becuase you are totally right in that DDOS and Mass Probe are the only thing it provides rules for. However it heavily implies that a botnet can be used for more than that. On 88 the jackpointers recommend using botnets to manage a hacked traffic system, lower on the same page they discuss that corps use them to spead spam, ON 102 it discusses automating datasearches in the code zombie section, then on 100 there is this:

The traffic system example likely implies each worm/agent of the net taking up residence in the peripheral node of the individual lights. This then allows the hacker to operate what amounts to a secondary control system of the lights via his botnet, rather then hack the central control node. Then he can just issue commands like "create a green wave from 4th to 15th, now!" and the botnets goes to work messing with each individual node on that stretch of road.

As for the spam, that is very real life. Each "zombie node" would be connecting to long lists of comcodes and such and delivering a preset message. And set up correctly the MSPs will simply see a mass of nodes making contact rather then a single big node pushing truckloads of data. A use that is likely pointless for a shadowrunning hacker, unless he has a side job pushing herbal viagra or something (IMG:style_emoticons/default/wink.gif)

[Fortinbras]

Somethings I've found working with bot-nets that are worth remembering

1) The nodes these Agents are in likely have a response of 2 or, if you're lucky, 3. This means that an average Agent in the bot-net is rolling about 4 dice on tests, or 6 with Teamwork. If he has Optimization on all his Programs, that bumps that up a bit to 8 and 12.
If you enforce the diminishing returns rule for Extended Tests, the cat is more likely to want to use his own Data Search skill and have his bot-net augment it rather than having his bot-net do all his work for him, as he likely has a greater skill and, therefore, will get more out of a Teamwork test than his bot.

2) These Agents use his Access ID and can only take orders from that Access ID or whichever one's the hacker has allowed in the bot's script. This means that if your hacker spoofs his Access ID often, he'll have to change it back in order to issue orders to his bot-net. If he hasn't taken that particular AI Quality, it's even more dangerous.

3) Anyone who happens to find a copied Agent will be able to trace it back to your hacker though a myriad of methods from checking the bot's subscriptions, looking through the Access Log or simply analyzing the Agent's Access ID. It has to be able to communicate with your hacker and vice-versa. It is though this line of communication that a trail can be found. I guarantee your hacker will become a lot more cautions if you simply remind him of this and he'll likely dump the thing is you send someone after him because of it.
The only way I can think of around this is to use an Anonymization service which routinely erases it's Access Log. It's not something the player can do, because his Access ID will be the one which logged on and erased the access log. I guess you could try to use a proxy, issue your commands, log off, spoof your Access ID, hack in with Admin and erase the log...but I think I'd just pay the 300 a month.

4) GOD! My personal favorite, the Grid Overwatch Division. Since this cat is an AI, he should also contend with Artificial Resource Management. If that bot-net becomes too huge, it's going to be noticed by the Matrix police who can do everything from send a SWAT team to, more likely, just shut the whole thing down. It's a great storytelling tool and a useful way to introduce characters to the wider world of the Matrix though game play rather than narration.

[Zarek]

All of those things are great suggestions! WOrking on bringing GOD in as soon as a iresume the game (after my vacation)

[Udoshi]

2 becomes 4, becomes 8, etc. I think that is what he did. Becuase I think he used the recently copied agents to act as mooks to do change ID test. That may have not been legal though.

Agents cannot self-patch. Software is a skill forbidden to them.

Also, that test is to change ONE agents access id. Therefore, no recursive agent patching.

I was dumb enough as a GM to tell them three months had passed.

It also sounds like someone is forgetting to apply Program Degredation. If you break the Copy Protection on a program, in order to crack it or run multiple copies, or even to give your agents prograps in their payload - you deal with SOTA rolls.

Also, The Faq has some good information for you.

Just for reference, here’s a quick reminder of the limitations inherent on agents:

Off-the-shelf agents won’t perform any action that requires the Hacking Skill, even if loaded with the correct program (p.101, Unwired).
Agents do not have a Software Skill (p.234, SR4A).
Once running, an agent’s access ID may not be changed (p.110, Unwired).
Copies of an agent will have the original’s access ID; a copy cannot access a node on which an agent with the same access ID is already running (p.110, Unwired).
Agents are limited to 3 Matrix IPs (p.236, SR4A).

Additionally:

Copied Agents and IDs
If a copy tries to access a node on which an agent with the same access ID is already running, however, the node will automatically refuse ac-cess (even if the agent tries to hack his way in, the attempt will automatically fail). This security feature both deters piracy and prevents mass invasions by agent mooks (the so-called “Agent Smith” scenario).

[Brainpiercing7.6...]

What I don't get is this:

Agents which are copied all share an access ID, which excludes the possibility of using them to hack one system using teamwork.

Botnets are nets of agents or worms, which supposedly are all copied and distributed in some way, and you CAN use them for a DDOS attack. Which is sort of a contradiction, because after the first bot connects, all the others should be refused.

I would tend to think that the Replicate Autosoft actually creates a new agent with a new access ID, or else worm and bot nets would NEVER ever work. Also, why would you even need Replicate when you could just copy the agent, or have the agent copy itself normally? Of course, this is not really what the RAW suggests.

These entire rules once again suffer from trying to balance them in some way, in order to make sure that agents remain expensive - when in fact, like with all software, you should be able to copy them easily. They should use the access id of the device they are running on, rather than have their own, or at least be able to start up with a new id every time.

[hobgoblin]

Watch out, there is a little trick to Access IDs. They are assigned pr persona, not pr node.

Yep, for the longest time i thought that each node came with a Access ID. not so. The Access ID is attached to the person. So each persona spawned by a nexi will have its own Access ID.

This little detail shows up in the "behind the scenes" sidebar on page 53 of Unwired.

As for DDOS, the effectiveness of that comes from the issue that even if the node is just rejecting the agents it still has to process the initial login or data request. So to perform a DDOS attack one just need a big enough botnet to generate enough of these requests to overwhelm the processing capacity of the target node.

Oh, and a agent is normally forbidden form loading a copy of itself on a different node. Replicate gets around that. This likely in fluff by tricking the source node into thinking the agent have been wiped once the transfer to the target node have been completed. Lets not forget that agents normally either move from node to node by being transferred over, or reside in one node and log into multiple ones much like a persona can (yes, there is also the option of traveling with the persona of its owner. but i was limiting myself to agents operating outside the users node).

[Aerospider]

Watch out, there is a little trick to Access IDs. They are assigned pr persona, not pr node.

Yep, for the longest time i thought that each node came with a Access ID. not so. The Access ID is attached to the person. So each persona spawned by a nexi will have its own Access ID.

This little detail shows up in the "behind the scenes" sidebar on page 53 of Unwired.

Actually both nodes and personas have access IDs (as well as other autonomous constructs). In fact the persona's ID is born of the originating node's ID. References to nodes having access IDs are few and subtle, but see Persona Access IDs on Unwired p.52 and Slaving on Unwired p.55.

Oh, and a agent is normally forbidden form loading a copy of itself on a different node. Replicate gets around that. This likely in fluff by tricking the source node into thinking the agent have been wiped once the transfer to the target node have been completed. Lets not forget that agents normally either move from node to node by being transferred over, or reside in one node and log into multiple ones much like a persona can (yes, there is also the option of traveling with the persona of its owner. but i was limiting myself to agents operating outside the users node).

It's more that agents are incapable of replicating themselves rather than being forbidden (Unwired p.111), but perhaps that's half-a-dozen of one and thirty-six-to-the-nought-point-five of the other. They do need Replicate, but Copy Protection will still prevent it (even if only on it's loaded programs, which are also replicated).

Here's one for a giggle - can anybody cite RAW that bans agents without Replicate (or even with it) from copying each other...?

[hobgoblin]

Oh ye lovely inconsistent wording...

I am tempted to introduce the concept of Node ID just to get some mud out of the water (IMG:style_emoticons/default/nyahnyah.gif)

As for the other bit, there is a one line entry for a unrestricted agent on Unwired p100.

[Brainpiercing7.6...]

So what about worms? It does seem weird that all worms that spread themselves have the same access ID, yet they use the same rules as agents, or else you wouldn't need agents.

I think this is once again a case of wanting too much in one ruleset, and not thinking enough about consistency.

[Zaranthan]

So what about worms? It does seem weird that all worms that spread themselves have the same access ID, yet they use the same rules as agents, or else you wouldn't need agents.

I think this is once again a case of wanting too much in one ruleset, and not thinking enough about consistency.

Most well-written viruses don't infect the same machine twice. The author would prefer the worm remain active and spreading as long as possible. Reinfection rapidly consumes all resources on the target machine, so unless your payload was running Nuke, doing so is counterproductive. Thus, the access ID restriction actually helps, since it prevents a Kilroy Was Here event.

[Udoshi]

What I don't get is this:

Agents which are copied all share an access ID, which excludes the possibility of using them to hack one system using teamwork.

Not necessarily

Q:When exactly does an agent’s access ID change?

A:Agents loaded into a persona have that persona’s access ID; if you load the same agent into a different persona, the access ID will be that of the new persona. If an agent is loaded into another node to act independently, the agent will have a unique access ID, and any other copies of that agent running independently will have the same ID. When an agent is not running, a hacker may patch the code to change this unique access ID (p.234, SR4A).

So its possible for an agent to piggyback off of another persona's access ID.
Also, an Agent carrying Spoof in its Payload should be able to make the Spoof(2) test to temporarily change its access ID.
It makes a bit more sense to me, because my group has gotten in the habit of using full-length commcodes, which have a certain format for where the call is coming from.


Also, regarding the inconsistent persona-vs-node Access ID - its not that of a far fetch for both to happen at once.
To use a real world analogy: Each machine has an IP address, but each user on that machine has a slightly longer address so you can tell them apart and get ahold of a specific user.
A better analogy would be an office extension number. You can reach this machine at ABC-XYZ-1234, and this user at extension 456.

[Fortinbras]

Also, an Agent carrying Spoof in its Payload should be able to make the Spoof(2) test to temporarily change its access ID.

In order for an Agent to change it's Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.

In terms of worms and Teamwork tests, unless I'm very much mistaken, Agents needn't be in the same node to assist each other with things like data searching or trying to access the same node for a DDoS if they are loaded onto different nodes, they just need to be able to communicate with one another.

They can't assist each other with hacking or cybercombat, because that would require them to be on the same node, which can't be done because they share an Access ID. They can, while on different nodes, all call the same number at the same time, creating a DDoS. More than one won't be allowed on the node, but the access requests are what clogs the system. No contradiction that I can see.
Nor can I really see a problem with worms having the same access ID. As long as they all infect different nodes, how is that a problem?

It's easy to say that Agents should be able to duplicate themselves ad infinitum to represent computes as we know them, but that creates the Agent Smith scenario and makes the Matrix unplayable.
And don't forget that computers as we know them were crashed for being too slow and archaic. To complain about the difference between the Matrix and modern computing is like complaining that the Internet could never work because no one could keep track of all the punch cards. It's a vastly complex system explained as best it can in gaming terms.
Wibbly Wobby, Timey Wimey. This is my Matrix machine. It goes ding when there's stuff. Just go with it.

[Udoshi]

In order for an Agent to change it's Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.

Sadly, what you're discovering is that they TRIED to fix agent smithing, but didn't really flat out prevent it.

The spoof test is allowed to anyone who can run the program, and you're actually wrong. You can use it on the commlink, and the personas running on it, and, as i pointed out earlier, agents loaded onto your commlink use the link's ID, not their own.

The extended unwired test is only for changing the permanent ID of an agent - much like you can use Hardware to spoof your commlink's ID(if you'd bothered to read the rules, you'd notice its a hardware or spoof (2) test) if you so choose.
The key difference is that the unwired test is not a spoof test; its logic+software, and furthermore its a patch which is an important distinction because software creation suites would not give a bonus to it.
You see, nothing prevents agents and IC from loading spoof, and many of the sample ic actually come with it preloaded. Once its loaded, assuming its a Mook, it can take any Actions available to it in its passes. Just like any other user.

That's would be the difference between low rating cracked civvy crap agents who can't get their hands on real hackware for their agents, and have to use the inefficient test because they don't know any better.


The ONLY entity in the matrix who is forced to use a more complex test to spoof their ID are AIs, and that is explicity spelled out as a spoof test. (RC 88)
Unfortunately for yoru arguement, Spoof tests and Software tests are not the same, but they are two distinct options, each with their benefits and drawbacks, and you're free to use either one.

[Fortinbras]

The spoof test is allowed to anyone who can run the program, and you're actually wrong.

I'm not.

The standard technique to reduce your datatrail is to spoof your
commlink’s access ID. There are two ways to change your access ID;
both take only a few minutes. You can alter your access ID by reprogramming
your router settings with a Hacking + Software (2) Test, but
this only lasts until your commlink is rebooted. A more permanent
solution is to alter the hardware with a Hardware + Logic (2) Test,
which lasts until the hardware is altered again or replaced.

Both the Hardware and Software test only change the Access ID of the commlink, through either the router or the commlink's actual hardware. A persona uses the Access ID of the commlink it's on, however an independent Agent keeps it's unique(i.e. one of a kind) Access ID as alluded to in the FAQs you quoted(and on SR4A p. 234.)
Plus, as you'll recall, Agents have no Software skill so they can't change the router nor can they change the hardware as they only exist in the Matrix. Calling it 'Spoofing' probably threw you off.

The other way you know I'm right is that statements of fact require no qualifiers.

[Brainpiercing7.6...]

Sadly, what you're discovering is that they TRIED to fix agent smithing, but didn't really flat out prevent it.

The spoof test is allowed to anyone who can run the program, and you're actually wrong. You can use it on the commlink, and the personas running on it, and, as i pointed out earlier, agents loaded onto your commlink use the link's ID, not their own.

The extended unwired test is only for changing the permanent ID of an agent - much like you can use Hardware to spoof your commlink's ID(if you'd bothered to read the rules, you'd notice its a hardware or spoof (2) test) if you so choose.
The key difference is that the unwired test is not a spoof test; its logic+software, and furthermore its a patch which is an important distinction because software creation suites would not give a bonus to it.
You see, nothing prevents agents and IC from loading spoof, and many of the sample ic actually come with it preloaded. Once its loaded, assuming its a Mook, it can take any Actions available to it in its passes. Just like any other user.

That's would be the difference between low rating cracked civvy crap agents who can't get their hands on real hackware for their agents, and have to use the inefficient test because they don't know any better.


The ONLY entity in the matrix who is forced to use a more complex test to spoof their ID are AIs, and that is explicity spelled out as a spoof test. (RC 88)
Unfortunately for yoru arguement, Spoof tests and Software tests are not the same, but they are two distinct options, each with their benefits and drawbacks, and you're free to use either one.

Ok, just to clarify:

Spoof comes with a few different uses:

Spoofing a command to come from a different access ID (i.e. persona, with different user account priviledges): This is the one that agents should be able to do easily. Also, since I believe you run several identical agents on your commlink (because they are running as programs, not connecting), you can use those many agents to spoof a large number of commands, some of which will eventually get through. At the very least you can use several commlinks to run those agents, all of which try to spoof commands for you.

Spoofing your access ID for a matrix connection (this was apparently changed in 4A, in 4E this was actually a hacking+spoof for the commlink): This is a harder one, because if you spoof your access ID online, you are instantly logged off the matrix (as per Unwired P99), as all your connections are closed. Now what happens then? A commlink/persona simply reconnects with the new access ID, and it should stay spoofed until it logs off again. Interestingly enough, spoofing your access ID online uses hacking + spoof once again, as long as it is an opposed test with a IC, as previously in 4E. So if you were to have to use the RAW literally, you would have to jam your agent's connecting (to your home node) with IC, and then let it spoof, and finally reconnect.
But using common sense (yes, yes, I know...) I would assume agents can simply spoof their access ID online using Pilot+spoof, if you tell them to. Which means that as long as an agent is running independantly, you can run multiple copies with multiple access ids, all of which were spoofed by the agents themselves.

Using a proxy server: Theoretically, one copied agent running on x nodes could use x-1 proxy servers to receive x individual unique access ids, and use those to hack a system using teamwork. That's a bit more complicated, but since there is malware that sets up a proxy for you, and for some reason that is cheaper than real agents (I think), it's not such a big problem. You could also do it by hacking a few systems and use them to set up a few proxies. You lose some response though, either way, IIRC.

These things would all be simpler if the system were more consistent, i.e. if you actually added up ALL the possible influences on a test, rather than having certain things replace others.

For instance, instead of letting pilot replace skill, you should let it replace logic, and use a skill software, with an additional program for a specific task. (And use the same system for meat hackers/techos/etc.) Adjust thresholds to taste. Well...

[Fortinbras]

Also, since I believe you run several identical agents on your commlink (because they are running as programs, not connecting)

No. Agents run a unique Access ID when running independently. If more than one of the same Access ID logs onto a node, the second one gets kicked off or deleted. You can run several on your persona, though that get's into subscription and System requirements.

But using common sense (yes, yes, I know...) I would assume agents can simply spoof their access ID online using Pilot+spoof, if you tell them to. Which means that as long as an agent is running independantly, you can run multiple copies with multiple access ids, all of which were spoofed by the agents themselves.

Spoofing a commlink's Access ID requires a Software or Hardware roll, something an Agent can't do. Even if you were to use the old 4E rules, that would simply change a commlink's Access ID and not the Agents unique ID, as per Unwired.

Using a proxy server: Theoretically, one copied agent running on x nodes could use x-1 proxy servers to receive x individual unique access ids, and use those to hack a system using teamwork. That's a bit more complicated, but since there is malware that sets up a proxy for you, and for some reason that is cheaper than real agents (I think), it's not such a big problem. You could also do it by hacking a few systems and use them to set up a few proxies. You lose some response though, either way, IIRC.

A proxy doesn't change your Access ID, it simply makes it harder to trace your data trail by rerouting you through another node. Thusly, Agent's don't have their unique Access ID changed by a proxy server either.

You are welcome to use the old 4E rules for such things, but that is what Zarek was bemoaning. It is also what many a poor GM was bemoaning before Catalyst fixed this problem. It was a problem, but it has been fixed with a supplement and fixed better with a revision to the corebook. To complain about the inconsistency of old rules that have since been remedied is like complaining that LBJ needs to do something about this war in Vietnam.

[Wiseman]

Like a lot of things in Shadowrun, there are tons of anxillary and situational rules that curb abuse, but it's up to you as the GM to apply them.

Let's go over what limits agents and botnets

1) Processing power (if running on your node)
2) Subscription Limits (if running on any other node)
2b) Botnets bypass the subscription limits by grouping. That means every bot must be given the same command. This also means you can spoof the whole botnet with one command. Exactly the same as drones sharing a single subscription.
3) Agents are retards. They're not very smart, even with good scripting they tend to get hung up when faced with unexpected situations. There are rules for how "smart" an agent is based on it's rating. Use this.
4) Using a cracked agent to copy over an over means they ALL have the same access ID. This means only one can be in a system at a time (since repeat access ID's are denied from the server)
5) Botnets of any size have the same access ID. This means they cannot all hack a system, or even attack it. All they can really do is spam the system (DDOS), or scan the matrix for vulnerabilities (Mass Probe) because neither requires them to actually log on a node (and every one would fail after the first). They can also assist with Data Search, but not all that much better than just having a few agents can.
6) Agents are programs and degrade, upkeep costs required
7) Botnets not only degrade as agent programs, but bots are "lost" over time per the rules for botnets. They require even more upkeep.
(IMG:style_emoticons/default/cool.gif) Botnets require a botnet program to command them all. This means all bots of the botnet trace back to whoever commands them. Most people use proxy servers to bypass this risk.
9) It's possible to steal a WHOLE botnet. Botnet size #120 to #0 in one combat turn...
10) Botnets have their uses, but as spelled out in Unwired, due to redundancy and limits of their programming, even mega corporations use them sparsely. They're just not super effective. More, as noted by others, any spider who notices a full scale botnet DDOS can deny the entire botnet by tweaking the access permissions to deny an access ID, a range of access ID's, or even any Access ID not already specifically allowed.

I strongly suggest you re-read the whole section on agents in SR4a and Unwired. Not that everything becomes crystal clear, but you'll begin to see the limits of bots in general and botnets in whole.

P.S. - I didn't have time to read the entire thread, but I got through about a page and half, apologies to anyone who's already noted the above and most likely explained it better than I.

[Brainpiercing7.6...]

In order for an Agent to change it's Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.

Since agents running independantly have their own set of matrix attributes (derived off the node they are running on just as a persona's are by the commlink employed by the user), and have their own icons, I don't see them as any different than "personas" in any identifiable way. Their pilot acts as the controlling instance (the skills), and everything else is matrix attributes, derived off hardware and software, the same as any matrix user.

Of course, they are still programs, running on certain processing power (the response rating of the node they are running on). Before they can run independantly, they have to be started up on some sort of computer, which I would say can also be the commlink of the matrix user himself, they are just not integrated into his persona, they are running on his node (his commlink has to be its own node, too, or else you could never hack one). They can then be transferred to other nodes, or move on their own. They then use the response of the other node.

On P99 of Unwired, it says this bit:

Spoofing a Datatrail Online
Since nodes require an access
ID before they will allow a connection,
it is important to spoof your
datatrail (if you are so inclined)
before you actually access other
nodes. Once you have logged onto
other nodes, a change in access ID
will automatically close your connection
to other nodes—after all,
you are no longer who you said you
were. Under some circumstances,
this may be an expedient way of
closing multiple connections. For
example, if you are under attack by
Black IC in another node, you can
try to spoof your datatrail in order to change your access ID and log
off that node. If the Black IC is jamming your connection, however,
this will require an Opposed Test pitting your Hacking + Spoofing
versus the Black IC rating + Response.
You can also use this trick to try and avert a direct trace. If
someone is using Track to trace you, you can spoof your datatrail
and change your access ID as normal. While this will sever all of
your connections, it means that the Track will only be able to
trace you to the nearest node that your connection happened to
have been routed through. The tracking hacker can still acquire
your old access ID, but will not be able to pinpoint your exact
physical location—though he will know that you are close to
that nearest node.

Now to me this means that there is still the possibility of using Hacking+Spoof to change an access ID, or else you would never be able to do that opposed test. And Agents are allowed to use their Pilot rating in place of the hacking skill. Now the question is what will happen to an agent that tries this? Will its process be killed, or will it just be logged off the node, and have to reconnect? I could argue that I can program my commlink to not kill the process when the agent that is running on my node (but not my persona) changes its access ID, and then let it reconnect to the node, in which case I now have an agent running on my node with a new access ID.

Of course, if you argue that its process is automatically killed, well, that's that then. However, I have another option, and that is multiple commlinks:

Each commlink is a new Persona, because the commlink determines my matrix attributes. So now I get a bunch of additional commlinks, and load up my identical copied agents (which are more expensive than the commlinks) into each commlink's persona. Then I spoof each commlink's access ID with a very quick test, and end up having several agents which are no longer identical, because each is running in a seperate persona with a new access ID. These I can then use as I wish.

In terms of worms and Teamwork tests, unless I'm very much mistaken, Agents needn't be in the same node to assist each other with things like data searching or trying to access the same node for a DDoS if they are loaded onto different nodes, they just need to be able to communicate with one another.

They can't assist each other with hacking or cybercombat, because that would require them to be on the same node, which can't be done because they share an Access ID. They can, while on different nodes, all call the same number at the same time, creating a DDoS. More than one won't be allowed on the node, but the access requests are what clogs the system. No contradiction that I can see.
Nor can I really see a problem with worms having the same access ID. As long as they all infect different nodes, how is that a problem?

Ok, I'm with you there.

It's easy to say that Agents should be able to duplicate themselves ad infinitum to represent computes as we know them, but that creates the Agent Smith scenario and makes the Matrix unplayable.
And don't forget that computers as we know them were crashed for being too slow and archaic. To complain about the difference between the Matrix and modern computing is like complaining that the Internet could never work because no one could keep track of all the punch cards. It's a vastly complex system explained as best it can in gaming terms.
Wibbly Wobby, Timey Wimey. This is my Matrix machine. It goes ding when there's stuff. Just go with it.

The trouble is that the writers didn't just replace computers as we know them with a new magical computer matrix. They tried to extrapolate from what there is, and hence, people think things should still work as we know them. It's really a "it doesn't say I can't" problem, because people can create possibilities both from rule loopholes, as well as demanding that things work they way they think they should, because the options aren't clearly defined.

[hobgoblin]

Earlier editions tried more closely to mirror the computers found in Neuromancer and later (funny, given that the author borders on a technophobe), but got decried by the IT-geeks of the crowd. With SR4 the person responsible for the matrix chapter used crash 2.0 as a opportunity to move things closer to real life. Out goes gray IC, in goes AR, end result is that the in your face threat of hacking/decking have gone away (unless your a TM or AI).