Am I taking this idea a bit far?
Now, it states in the book that Agents can carry copies of your programs and employ them on its own, does that includes the Agent program itself?
Example:
Hacker gains entry to a node and wants to wreak havoc. He activates an agent loaded with Attack, Armour. Command and Agent.
The Agent is instructed to activate Agents and seek out different batches of files and then slow down the system so that nothing can bother the hacker, if they are attacked they are to defend themselves.
The node has a response of 7 (big computer system with plenty of resources, large science database).
Step 1: The Agent #0 activates Agent #1 and loads it with the same programs that it carries itself.
Step 2: Agent #0 and Agent #1 activates Agent #2 and Agent #3
After step 3 we would have lowered the Node’s response to 6 due to the fact that all four agents (0-4) just uploaded agent 5-8.
After a few more rounds there will be a huge army of them (say 16-20) and the response would be lowered to 6-4 or something.
Have I understood that correctly? The Agent is a program, thus an Agent can carry a copy of it, and upload it, and command it – or just copy it’s own instructions into the new ones.
Full Version: Agent carriers?
This is what we refer to as a "Denial of Service" attack. 
But the problem with this technique is going to be that the node will be forced into a reboot when it reaches 0 system, correct, so you can't do this on anything that you're searching for something on otherwise you'll have VERY little time to do what you need.
Would it be possible to load the agent with analyze, and then before replicating, check to see if the system is over 1, and if so replicate?
Would it be possible to load the agent with analyze, and then before replicating, check to see if the system is over 1, and if so replicate?
If your Agent program is a cracked version, then yes you can make more of them. And you could probably do the above scenario to crash a server by making insane amounts of Agents run on it.
However, I would suggest your GM to rule that once one has been defeated, the code is known to the system and the rest can be purged even faster. - Like a virus, once its known how to defeat it its easy. The Node simply removes resources from the Agents and they slow down/die/has to flee to other Nodes.
But as a way to illustrate or simulate a virus attack, I think the idea is cool.
However, I would suggest your GM to rule that once one has been defeated, the code is known to the system and the rest can be purged even faster. - Like a virus, once its known how to defeat it its easy. The Node simply removes resources from the Agents and they slow down/die/has to flee to other Nodes.
But as a way to illustrate or simulate a virus attack, I think the idea is cool.
If I ever find an excuse do that, my agents will take the form of penis enlargement ads. 
| QUOTE (weblife) |
| However, I would suggest your GM to rule that once one has been defeated, the code is known to the system and the rest can be purged even faster. - Like a virus, once its known how to defeat it its easy. The Node simply removes resources from the Agents and they slow down/die/has to flee to other Nodes. |
I’m not so sure, the problem is that unlike a virus that can only do one specific thing (like replicating itself) the pilot programs would essentially be limited hackers, or in this case HK programs that could seek out any user that is online and attack it/them and gang up on them.
Unlike a virus these suckers have Armour and Attack programs so they might know HOW to defeat them but unfortunately it is either by Reboot or brute force.
Another evil tactic would be to upload an agent with BTL programs in another individuals commlink and upload them one after another
| QUOTE (The Jopp @ Feb 7 2006, 09:25 AM) | ||
I’m not so sure, the problem is that unlike a virus that can only do one specific thing (like replicating itself) the pilot programs would essentially be limited hackers, or in this case HK programs that could seek out any user that is online and attack it/them and gang up on them. Unlike a virus these suckers have Armour and Attack programs so they might know HOW to defeat them but unfortunately it is either by Reboot or brute force. Another evil tactic would be to upload an agent with BTL programs in another individuals commlink and upload them one after another |
They are also exactly identical.
The Node simply ceases to provide processing power to these programs. Remember they are running off the Node and have no power except that granted by the Node.
Simple "file search" and "stop process" commands, bypassing the program and its fierce protective programs and pack attack forms.
EDIT: Hell, there might even be anti-piracy programs active on large nodes that prevent multiple counts of the same registered program to run. Remember all other programs have a serialnumber, this serialnumber could reasonably be read by the Node and then deny any attempt to run a second instance of that program on the Node.
That would also force players to plan ahead with their pirated software, they'd essentially have to make new and fake registration info for each instance of the software they need to run. - Not unreasonable as its easy to do in downtime, but might be hard to do on the fly when creating thousands of Agents in a few microseconds.
| QUOTE (weblife) |
| They are also exactly identical. The Node simply ceases to provide processing power to these programs. Remember they are running off the Node and have no power except that granted by the Node. Simple "file search" and "stop process" commands, bypassing the program and its fierce protective programs and pack attack forms. |
Hmm, very good point. So why cant us poor hackers do the same? If I have hacked myself into the system and is attacked by IC or an Agent why cant I just use “”Command” to shut down all IC programs? Or spend one turn to observe in detail (while defending myself in combat) and then turn off all active defences?
At best they could use “Crash Program” action to represent the system attempting to shut down a replicating virus. The agent might run on another system but that does not mean that they have access to the agent since it doesn’t accept commands from said system – very much like a virus following its programming and ignoring commands from the user (like me trying to close down an active program in windows, and it refuses to shut down)
Still, using “Crash Program” action would have to be done on a large scale, and might take time. A virus runs on a computers OS but that doesn’t mean that the OS knows how to shut it off, you might find out WHAT virus it is and try to find the correct countermeasures but in this case you would find out that it is a very aggressive self-replicating attack program.
| QUOTE (weblife) |
| They are also exactly identical... |
Yes, but this is the entire purpose of giving the agent, say, an Exploit program. The node wants to purge all copies of this from memory? What if they're in protected memory? What if they rearrange their code to appear to not be identical? What if part of their standard shutdown procedure is to fork themselves to re-start after the shutdown command is completed, using a separate process? What if it hijacks someone else's process? What if it has its hooks into the system, and alters the "stop process" command to kill some innocuous process - maybe one created for the sole purpose of being shut down?
It's not as simple as "The node has complete control, it can do what it wants." If that were true, Hacking wouldn't ever work; the entire point of hacking is getting a node to do something it shouldn't.
And, more to the point... A node is controlled by software; so is the agent. If the Node can learn, so can the agent.
The only perfect way to protect against ANY attack is to shut the node down, which - depending on the nature of the attack - may defeat the purpose of defending.
Of course, you have a recursive problem when you try to load an agent that has a copy of itself... since it cannot be done with the rules as written (I believe). You'd have to have a copy of the agent that you want to load onto the agent itself... so whatever you loaded wouldn't have the copy of itself... jsut the result of the loading.
You could have one agent with a copy of another agent, though - but some interpretations of agents say you cannot store them with a payload... other than that, you could have ONE agent that can run a near infinate number of a second agent into memory in a node.
Course, try this once, and then see how your GM reacts.
Every other mission your commlink will grind ot a halt at inopportune times because some script kiddy got inside your defenses for one round, and fired up a worm-agent that consumed all your resources, then bailed.
You could have one agent with a copy of another agent, though - but some interpretations of agents say you cannot store them with a payload... other than that, you could have ONE agent that can run a near infinate number of a second agent into memory in a node.
Course, try this once, and then see how your GM reacts.
Every other mission your commlink will grind ot a halt at inopportune times because some script kiddy got inside your defenses for one round, and fired up a worm-agent that consumed all your resources, then bailed.
| QUOTE (weblife) |
| They are also exactly identical. The Node simply ceases to provide processing power to these programs. Remember they are running off the Node and have no power except that granted by the Node. Simple "file search" and "stop process" commands, bypassing the program and its fierce protective programs and pack attack forms. |
Wrong metagaming here.
As we do not know how computer programms work in 2070 and for consistency (you dont know whether the stuff you propose IS already included in the rules in an abstract manner) you only can use waht is in the rules.
The stuff you proppose is not in the rules and thus not an option.
| QUOTE (The Jopp) | ||
Hmm, very good point. So why cant us poor hackers do the same? If I have hacked myself into the system and is attacked by IC or an Agent why cant I just use “”Command” to shut down all IC programs? Or spend one turn to observe in detail (while defending myself in combat) and then turn off all active defences? |
All legal nodes use original software, their IC agents are each an original.
Hence, hackers have to defeat each one.
And while its correct that there's nothing in the rules defending what I suggest here, then the GM who allows hackers to walk all over nodes crashing them at will, might find himself in a game that will get weirder by the minute.
As I said, I really like the idea and will probably use it in my games, but I will not be surprised if the use and effectiveness will be limited by on-the-spot houseruling. Its clearly too easy to exploit.
Actually I doubt that each agent is an ”original” since it is a program it can be loaded several times.
Let’s be a bit crude and compare an agent like a Microsoft Word. If I install it on a computer I can run Microsoft Word several times, each running program will have it’s own icon/information in the task panel with individual memory allocation. For a company with a running node they could run the same IC program several times but with a different loadout of programs, the same goes for Agents.
If I upload an Agent that I have “cracked” then I could give a copy to a friend and install it on a commlink or move them to several commlinks, heck, let’s say I bought them legally then I can run as many of them as my system can handle. I can even upload them on different commlinks.
The only thing I remove is the actual copy protection, it does in no way alter its abilities. So let’s say I run an Agent, that can run other programs, this mean that I can allow it to run an active program within its Response capability, and that includes running copies of your programs and employ them on its own – Including agents since they are programs.
Here’s another fun part, hacking an Agent isn’t as easy either since it has a firewall equal to it’s rating and it will be an opposed test to crack the firewall and gain entrance to it’s OS (after all, an Agent is an independent OS with running programs that in turn has to be hacked to be accessed)
Let’s be a bit crude and compare an agent like a Microsoft Word. If I install it on a computer I can run Microsoft Word several times, each running program will have it’s own icon/information in the task panel with individual memory allocation. For a company with a running node they could run the same IC program several times but with a different loadout of programs, the same goes for Agents.
If I upload an Agent that I have “cracked” then I could give a copy to a friend and install it on a commlink or move them to several commlinks, heck, let’s say I bought them legally then I can run as many of them as my system can handle. I can even upload them on different commlinks.
The only thing I remove is the actual copy protection, it does in no way alter its abilities. So let’s say I run an Agent, that can run other programs, this mean that I can allow it to run an active program within its Response capability, and that includes running copies of your programs and employ them on its own – Including agents since they are programs.
Here’s another fun part, hacking an Agent isn’t as easy either since it has a firewall equal to it’s rating and it will be an opposed test to crack the firewall and gain entrance to it’s OS (after all, an Agent is an independent OS with running programs that in turn has to be hacked to be accessed)
Methinks the Real Life IT geeks are getting out of control again.
There is no reason to assume that the systems of 64 years from now will conform to current logic and systems theory. Especially right after a massive overhaul to the infrastructure.
The skills of the current kiddie seems to also be drastically underestimated. They know what we know. They know that the system doesn't like them. Actually they know that the system thinks they really suck. So they have programs and forms like stealth that wraps up all of the exploits that a kiddie would have, with agents and sprites to represent viruses and other nastiness that they place on someone else's system.
While I agree that we as Game Masters need to prevent this kind of attack, the easiest method would be one that the current IT geek is quite aware of. Virus zappers, traffic analyzers, and system resource monitors. Or whatever they use in 64 years after a massive infrastructure change. Attacked host rolls firewall or firewall+analyze every time an agent is loaded. Including the first. If kiddie's agent doesn't have Stealth, you're done. Proceed to smiting. If kiddie's agent launches, proceed with spawning. Rolling to detect for EACH agent spawned. Eventually they're gonna get caught and IC starts launching and Crash Program actions start popping off. As do screams for help to the administrator. Past a certain point I'd probably start telling the Hacker that they cannot use all of their actions to affect this system (on the all systems are now clustered theory) as it can't respond fast enough to give Mr Kiddie his dirt. Play your MMRPG with your other two actions.
I can't emphasize this enough.
1. This is a game, not the real world.
2. Our experience does not apply in 64 years. It probably won't in 10
Signed,
Another IT geek wanting NEW toys to play with
There is no reason to assume that the systems of 64 years from now will conform to current logic and systems theory. Especially right after a massive overhaul to the infrastructure.
The skills of the current kiddie seems to also be drastically underestimated. They know what we know. They know that the system doesn't like them. Actually they know that the system thinks they really suck. So they have programs and forms like stealth that wraps up all of the exploits that a kiddie would have, with agents and sprites to represent viruses and other nastiness that they place on someone else's system.
While I agree that we as Game Masters need to prevent this kind of attack, the easiest method would be one that the current IT geek is quite aware of. Virus zappers, traffic analyzers, and system resource monitors. Or whatever they use in 64 years after a massive infrastructure change. Attacked host rolls firewall or firewall+analyze every time an agent is loaded. Including the first. If kiddie's agent doesn't have Stealth, you're done. Proceed to smiting. If kiddie's agent launches, proceed with spawning. Rolling to detect for EACH agent spawned. Eventually they're gonna get caught and IC starts launching and Crash Program actions start popping off. As do screams for help to the administrator. Past a certain point I'd probably start telling the Hacker that they cannot use all of their actions to affect this system (on the all systems are now clustered theory) as it can't respond fast enough to give Mr Kiddie his dirt. Play your MMRPG with your other two actions.
I can't emphasize this enough.
1. This is a game, not the real world.
2. Our experience does not apply in 64 years. It probably won't in 10
Signed,
Another IT geek wanting NEW toys to play with
If you want to slog the system, don't use agents. Just adapt the Hog program from the SR3 Matrix rulebook. Even change it to affect the system. Using agents is just getting fancy. Of course, you could use an agent to launch the program...
As an opposite note: Setting up our defenses against hacking attempts.
---
*EDIT* Ok, this example is done with my interpretation of the Response rules (the one in the SR4 book must be wrong) Response lowers the rating of the programs you can run, you calculate Response X for the total amount of programs you can run from the ORIGINAL response value of the Commlink, not the modified value from X amount of programs.
---
Well, we now know that a hacker have quite a few abilities in using agents and other programs to foul any sysadmins day as long as they manage to hack their way into the system. So, what tricks can the opposition use? Well, the first step is to find the hacker, and if he hasn’t loaded up his stealth program he’s in a bit of trouble.
Let’s turn the tables and imagine someone hacking someones “light” tiered network of two commlinks. The “firewall” commlink is the first line of defense and is on standby with the following programs running within the commlink.
The system is a Novatech navi with a response of 5 and with access to IC and agents at rating 4. Standard loadout is the following.
1. Databomb – (Device, Commlink)
2. Encrypt – Signal
3. IC – (Analyze, Armour, Attack, Medic)
4. IC - (Analyze, Armour, Attack, Medic)
5. IC - (Analyze, Armour, Attack, Medic)
These are the first five programs, still keeping the response at 5. Just for the hell of it we decide to go with a massive defense, and add some more and lowering the response to 4 – the IC and Agents will still function at their full rating.
6. IC – (Analyze, Track, Spoof, Stealth)
7. IC – (Analyze, Track, Spoof, Stealth)
8. Agent – (Exploit, Analyze, Decrypt, Defuse)
9. Agent – (Exploit, Edit, Command, Browse)
10. Agent – (Attack, Armour, Stealth, <Optional>)
Now we are down at Response 4 so our firewall and system is reduced to 4. All the IC is running active on the Node and they will be analyzing the system and searching for intruders ALL the time, even if the hacker has more in response and a slightly better program he’s up against three IC programs that can spot the intruder at any moment, and attack. In a multiple combat it would be 3-1 as the hacker will be attacked from all sides.
At the same time as he/she is found two other IC programs will track the intruder back to his node, and as soon as he is found three agents will combine their abilities to hack into his system and attack him in his “home” node.
---
*EDIT* Ok, this example is done with my interpretation of the Response rules (the one in the SR4 book must be wrong) Response lowers the rating of the programs you can run, you calculate Response X for the total amount of programs you can run from the ORIGINAL response value of the Commlink, not the modified value from X amount of programs.
---
Well, we now know that a hacker have quite a few abilities in using agents and other programs to foul any sysadmins day as long as they manage to hack their way into the system. So, what tricks can the opposition use? Well, the first step is to find the hacker, and if he hasn’t loaded up his stealth program he’s in a bit of trouble.
Let’s turn the tables and imagine someone hacking someones “light” tiered network of two commlinks. The “firewall” commlink is the first line of defense and is on standby with the following programs running within the commlink.
The system is a Novatech navi with a response of 5 and with access to IC and agents at rating 4. Standard loadout is the following.
1. Databomb – (Device, Commlink)
2. Encrypt – Signal
3. IC – (Analyze, Armour, Attack, Medic)
4. IC - (Analyze, Armour, Attack, Medic)
5. IC - (Analyze, Armour, Attack, Medic)
These are the first five programs, still keeping the response at 5. Just for the hell of it we decide to go with a massive defense, and add some more and lowering the response to 4 – the IC and Agents will still function at their full rating.
6. IC – (Analyze, Track, Spoof, Stealth)
7. IC – (Analyze, Track, Spoof, Stealth)
8. Agent – (Exploit, Analyze, Decrypt, Defuse)
9. Agent – (Exploit, Edit, Command, Browse)
10. Agent – (Attack, Armour, Stealth, <Optional>)
Now we are down at Response 4 so our firewall and system is reduced to 4. All the IC is running active on the Node and they will be analyzing the system and searching for intruders ALL the time, even if the hacker has more in response and a slightly better program he’s up against three IC programs that can spot the intruder at any moment, and attack. In a multiple combat it would be 3-1 as the hacker will be attacked from all sides.
At the same time as he/she is found two other IC programs will track the intruder back to his node, and as soon as he is found three agents will combine their abilities to hack into his system and attack him in his “home” node.
Small oddity I found, can someone explain this.
System is limited by Response
If System runs more programs than it has Response then Response is lowered by 1.
If Response is lowered by 1 then System is lowered by 1.
If System is lowered by 1 then the amount of Programs one can run is reduced by 1 before response is affected.
Ok, fine, but lets look at it. *EDITED*
Here’s from the book
*SNIPPED*
Response (Hardware)
Response may be affected if you run too many programs.
For every x number of programs you have actively running,
where x = System rating, your Response is reduced by 1. So if
you’re running 10 programs with a System 5, your Response
will be reduced by 2.
*SNIPPED*
Ok, with the above example one can never utilize ones commlink since it will crash by itself.
If I use my response of 5 and load up to 5 programs my response will be lowered by 1, if I run 10 programs it will be reduced by 2, but wait, there’s more.
When the Response have been reduced by 2 down to 3 we are STILL running 10 programs, that means we have Response X3 programs running, and must reduce the Response by another 3 point, which put us at Response 0.
Congratulations, our commlinks just died. I find it odd that we cannot at least run 5/5 programs without penalty.
EDIT (Again)
Oh, and with the Meta Link for the poor among us you can’t even run ONE program before your Response goes down to 0.
System is limited by Response
If System runs more programs than it has Response then Response is lowered by 1.
If Response is lowered by 1 then System is lowered by 1.
If System is lowered by 1 then the amount of Programs one can run is reduced by 1 before response is affected.
Ok, fine, but lets look at it. *EDITED*
Here’s from the book
*SNIPPED*
Response (Hardware)
Response may be affected if you run too many programs.
For every x number of programs you have actively running,
where x = System rating, your Response is reduced by 1. So if
you’re running 10 programs with a System 5, your Response
will be reduced by 2.
*SNIPPED*
Ok, with the above example one can never utilize ones commlink since it will crash by itself.
If I use my response of 5 and load up to 5 programs my response will be lowered by 1, if I run 10 programs it will be reduced by 2, but wait, there’s more.
When the Response have been reduced by 2 down to 3 we are STILL running 10 programs, that means we have Response X3 programs running, and must reduce the Response by another 3 point, which put us at Response 0.
Congratulations, our commlinks just died. I find it odd that we cannot at least run 5/5 programs without penalty.
EDIT (Again)
Oh, and with the Meta Link for the poor among us you can’t even run ONE program before your Response goes down to 0.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.