Homebrewed Intrusion Countermeasures/"ICE", Unwired has some good ones, but what have you made? |
Homebrewed Intrusion Countermeasures/"ICE", Unwired has some good ones, but what have you made? |
Feb 15 2012, 05:01 AM
Post
#1
|
|
Target Group: Members Posts: 51 Joined: 8-December 08 From: Ottawa, Ontario Member No.: 16,668 |
While helping another GM with some Matrix questions I somehow found myself trying to make some more ICE outside of the one's in Unwired, aiming for something unexpected. I think this might cause some headaches, especially if used with something more traditional.
"Offensive" Sapper: Programs: Exploit, Data Bomb, both at the same rating as the Agent, for ease of use. 1) It does nothing until provided with an Access ID of a persona on a Node (usually by the Issue Command Simple Action SR4A p.229 by a security rigger). 3) It uses Exploit (SR4A p.233) to "Hack On The Fly" to try and brute force itself into the target node. (Complex Action SR4A p.230&235) 4) When it breaches the target's node, it will use the Set Data Bomb action (Complex Action SR4A p.231) on the node it's in. Password something predetermined by the owner of the agent. 5) If still running, it will try to hack into peripheral devices (Smartlinked guns, AR glasses, earbuds, etc). The success of this might depend on the layout of the target's PAN. (GO TO STEP 3.) So, what happens if a hacker's commlink gets a Databomb placed on it while he's off doing something else? Does it go off when they try to launch/deactivate or execute a program? |
|
|
Feb 15 2012, 05:58 AM
Post
#2
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
Jesus, is such a thing even IC anymore? More like malware; it's not even countering intrusion. (IMG:style_emoticons/default/smile.gif)
|
|
|
Feb 15 2012, 08:48 AM
Post
#3
|
|
Runner Group: Members Posts: 2,782 Joined: 28-August 09 Member No.: 17,566 |
My favorite IC strategy is probably the 'self loading IC-in-the box'. Its pretty complicated so I'm just going to link it, but basically it uses two useless/underpar/cheap/underestimated IC programs, paydata, an archive/encrption guardian trap from unwired and a stealth program to be really, really really annoying.
My other favorite is a databomb with the Pavlov and Limitation restrictions. Its basically the nuclear solution for kicking intruders off of nodes, without hurting you. If you can meet the ridiculous availability for a program with 3 options, the timer option makes it even funnier. Also worth noting: Data bomb can pretty easily crash nodes, can't it? If you're subscribed to a node, you have an icon there. If you have an icon, it has a matrix condition monitor of 8+half system. Data bombs hit everything in a node, so I think this means you can actually knock people's implants offline fairly easily - a restart, and they are good to go, but its a good way to temporarily knock out a smartlink. Also the being under attack in multiple node rules are pretty brutal. Froggie: Your IC desperately needs Analyze to find hidden pathways to other nodes(see matrix perception), as well as Browse to identify other nodes from the access log. The good news is those things are both cheap and Ergonomicable. It also cannot function without Decryption and, unless you want to default, an Electronic Warfare autosoft. Seriously, Encryption 1 is a 50 nuyen common use program. EVERYONE runs it. Its about as basic as a firewall. If you cannot even make a test to decrypt a node, then you cannot hack it. Since you want a fire and forget asshole IC, it needs to be able to break into nodes independently. I suppose you COULD decrypt things for it, but that is really incredibly action innefficient. Also without any stealth program, it will instantly trigger an Alert when it tries to hack on the fly (Firewall+analyze vs threhold 0 = lose), meaning any node it is sent against will get a +4 firewall bonus against it and also Oppose any changes it tries to force on the node - meaning it is highly unlikely to do anything. Being overt and deliberately setting off alerts is a GREAT way to get attention and force someone to deal with the threat, though. Personally, I would emphasize those traits and load it up with a copy of the Unplug virus and/or Ticker virus. It gets in a node, sets a data bomb, and then starts deleting things, unloading programs, trying to crash the node, spreading viruses and generally being very obviously UNHELPFUL until reinforcements show up to try to get rid of it - and then the data bomb goes off. Its kind of like the matrix version of the 'flaming sack of poop on the doorstep" prank, followed by a swift kick to the jimmies. |
|
|
Feb 15 2012, 09:00 AM
Post
#4
|
|
Horror Group: Members Posts: 5,322 Joined: 15-June 05 From: BumFuck, New Jersey Member No.: 7,445 |
Jesus, is such a thing even IC anymore? More like malware; it's not even countering intrusion. (IMG:style_emoticons/default/smile.gif) Technically it is. IC stands for "Intrusion Countermeasures," which if you break it down is a measure taken counter to an intrusion. It's just... very proactive in that it's more like a counterattack. It would also be hilariously annoying, because most hackers will have their commlinks loaded with their hack programs and won't be running IC of their own. So their choices are to try to engage this little bastard in cybercombat upon their own commlink, or hit the reset switch and eat their dumpshock. |
|
|
Feb 15 2012, 12:19 PM
Post
#5
|
|
Moving Target Group: Members Posts: 881 Joined: 13-November 11 From: Vienna, Austria Member No.: 43,494 |
Also worth noting: Data bomb can pretty easily crash nodes, can't it? If you're subscribed to a node, you have an icon there. If you have an icon, it has a matrix condition monitor of 8+half system. Data bombs hit everything in a node, so I think this means you can actually knock people's implants offline fairly easily - a restart, and they are good to go, but its a good way to temporarily knock out a smartlink. Please give a quote where it states that a data bomb affects all icons on a node. QUOTE (SR4A p.233) When triggered, a data bomb “explodes” and attempts to crash the icon that accessed the file or node. Data bombs may also be instructed to erase the file or crash the node, if the owner chooses. My favorite is a Databomb 6 w/ Pavlov, Biofeedback 6P and maybe Psychotropic 6 - aviability is just 26R or 42R with psychotropic (or 48 Karma for Technomancers). |
|
|
Feb 15 2012, 12:24 PM
Post
#6
|
|
Horror Group: Members Posts: 5,322 Joined: 15-June 05 From: BumFuck, New Jersey Member No.: 7,445 |
My favorite is a Databomb 6 w/ Pavlov, Biofeedback 6P and maybe Psychotropic 6 - aviability is just 26R or 42R with psychotropic (or 48 Karma for Technomancers). "Just" 26R, 42R with the psychotropic option? So in other words, it's no sweat if the player's rollodex of contacts happens to include the Lofwyr as a Loyalty 5 Contact? (IMG:style_emoticons/default/smile.gif) |
|
|
Feb 15 2012, 12:46 PM
Post
#7
|
|
Moving Target Group: Members Posts: 881 Joined: 13-November 11 From: Vienna, Austria Member No.: 43,494 |
If you use the "degrading dice" extended test mechanism and the piracy rules, any char with a browse DP of 20 and a warez group contact can get programs up to aviability 45 in a few seconds for 10% of the original price while buying hits. With 16 dice, you get up to AV28.
|
|
|
Feb 15 2012, 02:51 PM
Post
#8
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
Those aren't trivial prerequisites, of course, but yes: another glitch of the Avail system. (IMG:style_emoticons/default/smile.gif)
|
|
|
Feb 15 2012, 03:25 PM
Post
#9
|
|
Prime Runner Ascendant Group: Members Posts: 17,568 Joined: 26-March 09 From: Aurora, Colorado Member No.: 17,022 |
Those aren't trivial prerequisites, of course, but yes: another glitch of the Avail system. (IMG:style_emoticons/default/smile.gif) But it does fit the fluff of the world. I refer you to the story where the hacker stops MID HACK to acquire a piece of SOTA software he does not have, and does it in mere seconds. |
|
|
Feb 15 2012, 03:37 PM
Post
#10
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
He's a super-hacker, and I never, ever read fluff stories.
|
|
|
Feb 15 2012, 03:45 PM
Post
#11
|
|
Prime Runner Ascendant Group: Members Posts: 17,568 Joined: 26-March 09 From: Aurora, Colorado Member No.: 17,022 |
He's a super-hacker, and I never, ever read fluff stories. Heh... Maybe you should. (IMG:style_emoticons/default/smile.gif) |
|
|
Feb 15 2012, 07:09 PM
Post
#12
|
|
Target Group: Members Posts: 51 Joined: 8-December 08 From: Ottawa, Ontario Member No.: 16,668 |
Thanks for the tips Udoshi - that jack in the box ICE is hilarious.
I'll add in those Analyze, Datasearch and Stealth programs - without them this thing is just an annoyance but I can see both configurations being useful. |
|
|
Feb 15 2012, 07:37 PM
Post
#13
|
|
Runner Group: Members Posts: 2,705 Joined: 5-October 09 From: You are in a clearing Member No.: 17,722 |
But it does fit the fluff of the world. I refer you to the story where the hacker stops MID HACK to acquire a piece of SOTA software he does not have, and does it in mere seconds. And then he uses that Pirated software and it turns out that it's infected as hell. It takes hours/days to check your stolen software for bugs/viruses/whatever and then remove them. Drop in the bucket though when you're talking about stuff in the availability 20+ range... |
|
|
Feb 15 2012, 07:40 PM
Post
#14
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
No way, TJ. Not only are all fictions based on games bad, but they never follow the game rules; therefore, they shed no light. (IMG:style_emoticons/default/nyahnyah.gif)
|
|
|
Feb 15 2012, 07:41 PM
Post
#15
|
|
Moving Target Group: Members Posts: 881 Joined: 13-November 11 From: Vienna, Austria Member No.: 43,494 |
It takes hours/days to check your stolen software for bugs/viruses/whatever and then remove them. QUOTE ( UW p.109) To verify that a program is what the character thinks it is or to determine what kind of program he is dealing with, he must analyze it, requiring a simple Software + Analyze Success Test. The number of hits determines how much information he gains about the program in questions, as noted on the Verifying Programs Table, p. 109. In order to detect a virus in a program, a number of hits equal to half the virus’s rating must be scored (see Viruses, p. 120). It takes one action to verify the software, it just takes days/weeks to remove the bugs from it. |
|
|
Feb 15 2012, 07:47 PM
Post
#16
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
I think that's what Sithney said, but the clarification is handy. (IMG:style_emoticons/default/smile.gif) The GM should definitely be screwing you over for trying to use the Piracy rules.
I feel like most hackers *will* be running IC/defenses on their commlink; most discussions around here assume that. These little monsters would still suck, though. (IMG:style_emoticons/default/smile.gif) Things like this are a reason people avoid the matrix, though; you're too busy being destroyed by thousands of bots, databombs are simply broken, etc. |
|
|
Feb 15 2012, 07:51 PM
Post
#17
|
|
Moving Target Group: Members Posts: 881 Joined: 13-November 11 From: Vienna, Austria Member No.: 43,494 |
well, i as a gm encourage the use of piracy - because it makes sense. as a player, my hacker char has ~2 dice for verifying software, so it does not matter either - sometimes i need to download a program twice.
|
|
|
Feb 15 2012, 11:15 PM
Post
#18
|
|
Moving Target Group: Members Posts: 196 Joined: 23-August 11 Member No.: 36,571 |
Gray ICE.
Fuck RA, yeah baby. |
|
|
Feb 16 2012, 01:43 AM
Post
#19
|
|
Runner Group: Members Posts: 2,782 Joined: 28-August 09 Member No.: 17,566 |
Please give a quote where it states that a data bomb affects all icons on a node. I was partially confusing data bombs for the more potent dissonant node mine, but in the end, it doesn't matter. 4A233: Data Bomb programs create a specialized form of reactive executable in a file or node, called a data bomb (note the difference in capitalization: Data Bomb is the program, whereas a data bomb is the executable set by the program). A data bomb is attached to a specific file or node and set to activate if someone accesses the file or node without authorization. When triggered, a data bomb “explodes” and attempts to crash the icon that accessed the file or node. Data bombs may also be instructed to erase the file or crash the node, if the owner chooses. Data bombs are set with the Set Data Bomb action (p. 231). 4A 231: You set a data bomb in a file or node. When you do so, you must choose the rating for the data bomb (up to the rating of the Data Bomb program), whether or not it will delete the file or crash the node to which it is attached when activated as a secondary effect, and the passcode required to deactivate it. Data bombs may be attached to archives that are also protected by Encrypt programs. The way a data bomb triggers depends on whether it is attached to a file or a node: it activates when a file is accessed, or when an icon logs onto a node, respectively, without using the data bomb’s passcode. When a data bomb is triggered, it causes its rating in Matrix Damage to the icon that tripped it and performs its secondary effect (if any), and then is deleted. If the passcode is used, the data bomb does not activate and remains attached to the file or node. unw 116: Pavlov is an option specific to Data Bomb programs. A Pavlov Data Bomb does not crash when detonated and remains armed, but is in all other regards handled like a normal Data Bomb (see p. 226, SR4 ). 4a: Data Bomb has been made more dangerous. When it “detonates,” a data bomb now inlficts a number of boxes of Matrix damage equal to (rating x 1D6), then the data bomb is deleted. So a rating 6 data bomb hits from 6 to 36 damage. OW. Oh, sure, you get to resist matrix damage, but hey, if you're a technomancer, you're probably dead. Pavlov + Terminate Connection = hilarity. Sadly I don't think there is anyway to make a pavloved bomb repeatedly attack a user, its just a one-time thing. 4a 229: Crash Node (exploit): Any users accessing the node via VR must resist Dumpshock when the node crashes, in-cluding the hacker. Put that together, and offensive data bombing is hilarious. |
|
|
Feb 16 2012, 10:58 AM
Post
#20
|
|
Moving Target Group: Members Posts: 881 Joined: 13-November 11 From: Vienna, Austria Member No.: 43,494 |
Combine it with the Biofeedback and Psychotropic options and it will seriously fuck up every hacker (and kill every technomancer). If you are a techno, you could thread a R12 Data bomb with these options ...
|
|
|
Feb 16 2012, 12:45 PM
Post
#21
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
That says more about databomb than the tactic, though. They're simply broken, as if you gave runners infinite stealth grenades in the meat world.
|
|
|
Feb 16 2012, 01:18 PM
Post
#22
|
|
Moving Target Group: Members Posts: 881 Joined: 13-November 11 From: Vienna, Austria Member No.: 43,494 |
Rating*d6 Matrix damage is broken as hell, especially concerning technomancers.
|
|
|
Feb 16 2012, 02:02 PM
Post
#23
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
d6 anything is; since when is that a SR4 mechanic? Oh well, we've been over the mess that is databombs before (fun thread, search if interested). (IMG:style_emoticons/default/smile.gif)
|
|
|
Feb 16 2012, 02:08 PM
Post
#24
|
|
Runner Group: Members Posts: 2,782 Joined: 28-August 09 Member No.: 17,566 |
I would agree that the data bomb damage formula is ass. In 4th i think it was kind of stupid, but there is definitely a more reasonable middle ground between where it was and where it is now
|
|
|
Feb 16 2012, 02:13 PM
Post
#25
|
|
Advocatus Diaboli Group: Members Posts: 13,994 Joined: 20-November 07 From: USA Member No.: 14,282 |
Back to the OP: I rarely use IC (as a player) in-game, because independent friendly entities in RPGs are just suck. Followers, cohorts, pets, NPC tagalongs, bleh; they just take away from the players. As matrix *enemies*, though, a reasonable amount of IC is good times. Can we talk about non-databomb examples? (IMG:style_emoticons/default/smile.gif)
|
|
|
Lo-Fi Version | Time is now: 28th March 2024 - 03:59 PM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.