Big D
May 5 2006, 02:18 AM
Stupid question... does a TM need any hacker skills to drop a commlink full of Agent Smiths onto a system (ordering them to go forth and destroy in waves before they overcrowd the node)?
Glayvin34
May 5 2006, 02:35 AM
QUOTE (Big D) |
Stupid question... does a TM need any hacker skills to drop a commlink full of Agent Smiths onto a system (ordering them to go forth and destroy in waves before they overcrowd the node)? |
I don't think so. You don't need any skills to fire up your Agents and send them forth.
damaleon
May 5 2006, 02:37 AM
QUOTE (Big D) |
Stupid question... does a TM need any hacker skills to drop a commlink full of Agent Smiths onto a system (ordering them to go forth and destroy in waves before they overcrowd the node)? |
As long as he can get the necessary level of access and has programs not on the node that he wants to run stored in physical storage he has access to, I don't see why not.
Assuming the TM doesn't have Hacking or the Exploit complex form, you can Default Hacking with the -1 penalty and thread Exploit to "Hack on the Fly" in an extended hacking+exploit (Firewall, 1 IP) extended test (FW + 3 for security access and FW +6 for admin). In this case, getting your threaded Exploit - 3 (- 1 die for defaulting, -2 dice for sustaining the threaded form) each IP, so you need at least 4 net hits for threading to even have a chance. You won't have much of a chance, but it can, theoretically, be done.
Big D
May 5 2006, 02:43 AM
damaleon: Sorry, didn't mean he didn't have TM skills, I was just referencing the earlier thread where I had missed that a TM has to have "normal" hacking skill to use programs off of a commlink, in addition to TM hacking.
damaleon
May 5 2006, 02:48 AM
Oh, didn't realize that. In that case, I agree with Glayvin34, once he has access, everyone knows basic operation like loading a program. Even a TM would be forced to learn how if he had any type of formal schooling, no matter how slow and backward he/she thinks it is.
GrinderTheTroll
May 5 2006, 06:01 PM
QUOTE (Glayvin34) |
QUOTE (GrinderTheTroll) | It's not the Agent's rating that degrades the node (although the Agent is capped at the node Rating), it's the number of Agents running in a node that degrade it. The Agent's Response equals that of the node it occupies.
A Rating 3 node can have 6 Agents running and any Agent will function at a MAX Rating of 3 even if >3. If the Agent moved into a Rating 5 node, then that node could handle 10 Agents before degrading and the Agent would function at a MAX Rating of 5 even if >5.
IIRC the limit to how much you can load into an Agent, is its Rating x2 in Program Ratings. So Agent 6 could have Trace-3, Attack-3.
Can anyone verify this? |
First, from page 212: "Response may be affected if you run too many programs. For every x number of programs you have actively running, where x = System rating, your Response is reduced by 1. So if you’re running 10 programs with a System 5, your Response will be reduced by 2." So at each multiple of your system you take a -1 to response.
It's that second part that I'm wondering about. Does an Agent's Load count against the total number of programs running? It says on page 228 that "Agents can be loaded up with copies of your programs so that the agent may employ them on its own. If an agent is acting independently, any programs it’s carrying must be active, and so may affect its Response."
Now it seems to be that the Agent runs the program on whatever node it's on, affecting response. So if you've got the aforementioned attack IC, you'll need it to run about 3 programs to be effective in cybercombat, plus the fact it's an Agent, so that means one attack IC with Attack, Stealth and Armor takes up 4 programs. Does that not sound right to anyone?
|
Thanks for the corrections, I knew I was on the right track.
I appreciate it.
GrinderTheTroll
May 5 2006, 06:17 PM
QUOTE (damaleon) |
Yeah, I would agree with Big D, as long as you can hack the proper access needed to load an Agent on their system, it should be possible. I would restrict running Agents to security or admin access, so it takes longer to hack in, but if you manage to do that, you should be able to use their system's resources against them.
I wouldn't allow you to do it immediately though, except for what programs/IC/agents are already available to the node you're on. If for some reason there is no agent available to that node, it isn't rated high enough for you, I would make you spend several actions transferring some of yours to the node before you could activate them. Not a problem when the system isn't on alert, but it can take precious IPs away if you're being attacked, which is a suitable penalty if you don't think ahead. |
Distributed Denial of Service attacks (DDoS) on current day websites involve getting thousands of "users" to all login at once and overload a target system. They don't require admin access, but attempt to choke bandwidth and server resources.
This is modeled in SR4 by lots of Agents entering the same node. There is no mention of personas causing Response issues, but instead Agents. This model allows an infinite amount of users, but only a limited number of "free thinking" programs (Agents) to draw on its resources.
I like the idea of being able to do this and I don't see the need to restrict it since you'd need to get all those Agents into the system in the first place by unloading yourself or having them Hack in themselves.
DDoS-2070: (aka ZombieArmy)
Agent (Pilot-3+)
Exploit-3+
DumpBot: (Persona dumped)
Agent (Pilot-1)
Big D
May 5 2006, 06:25 PM
Well, I'm thinking beyond just sitting there and eating CPU...
Launch a bunch of agents and have them go out and start trashing the system, perhaps focusing on key nodes if you've mapped out the system. That buys you a few precious turns, maybe even a few minutes, before the ice cleans out the system or the admin gives up and reboots.
Also, because they're not as limited in number as spirits or sprites, you can make one heck of a distraction against one system while you sneak into another one.
Rotbart van Dainig
May 5 2006, 06:59 PM
QUOTE (Serbitar) |
What response rating does a mainframe have? |
That depends on its role, see Device Rating Table and funds of the owner.
QUOTE (Serbitar) |
Why does a credstick have a device rating of 6? This means that it has System 6, Response 6, Firewall 6, Signal 6? |
It means it has the first four at 6, and Signal at whatever fits per Signal Table.
QUOTE (Serbitar) |
Why does anybody buy comlinks if your credstick is so powerful? |
It's a checkstick, no real interface included.
QUOTE (Serbitar) |
How much IC can you load onto simple nodes that are not meant to work as "real" mainframes? |
Infinite - running too many may cause them to be ineffective, though.
QUOTE (Serbitar) |
How much IC can you load on "real" mainframes? |
Infinite - running too many may cause them to be ineffective, though.
QUOTE (Serbitar) |
Why shouldn't there be a huge difference between both kinds of system? |
Because exceptions kill any rule.
QUOTE (Serbitar) |
Does only the IC count as a program? If yes, why? |
Because it's just one program.
QUOTE (Serbitar) |
Do the programmes, the IC is running, count toward the response limit of the node? |
No, they do count against the inherited Response of the IC/Agent.
QUOTE (Serbitar) |
How does a lowered response affect the standard duties? |
Not at all... except RP.
QUOTE (Serbitar) |
The fact, that almost everything now has a device rating, which must fit into the 1-6 levels, smartgun node in your weapon and supermainframe alike, imposes some huge problems. |
You didn't even touch the real problem: Connections.
At first, the rules state you can only run your Persona on Systemx2 Nodes simultaneously... which is fine. Then that changes to connections overall.
Which causes any server to accept... a dozen connections at best.
Even with the castrated half-open connections max of WXP SP2, you can still have hundreds of them with any normal PC, today.
Basically, this results in applying the Systemx2 limit only for Persona Access, and handwaving the rest.
James McMurray
May 5 2006, 07:05 PM
QUOTE (Rotbart van Dainig) |
Because exceptions kill any rule. |
Not if they're well defined. A rule that fits every occasion perfectly is of course optional, but rarely possible.
Rotbart van Dainig
May 5 2006, 07:24 PM
QUOTE (James McMurray) |
Not if they're well defined. |
The problem is not as much as when they apply... it's about remembering them in the first place.
QUOTE (James McMurray) |
A rule that fits every occasion perfectly is of course optional, but rarely possible. |
At which point SR4 allows judgement calls... which is more flexible, yet requires more experience/trust.
James McMurray
May 5 2006, 08:03 PM
True. Some exceptions are common enough to need a rule, for the rest flexibility is better.
Serbitar
May 5 2006, 08:20 PM
Thanks Rotbart for the comments. (Actually I was wondering where you and Frank Trollman have been lately. It is hard to get good comments and suggestions these days)
But I think I have already made up my mind. Copying from the "Idiots guide to Matrix 2.0" thread:
"Furthermore I would subdivide nodes into "devices" and "hosts". It is extremely silly to think that a full blown matrix host would have the processing power of a mere comlink.
Thus I would rule, that "devices" (comlink and everything else that does not have a bigger computer behind it) are affected by response "degradation", but hosts are not. That solves the DOS attack. IC would have to be restricted by common sense (as it was in SR3), maybe with some traffic arguments to make it reasonable (high traffic nodes have less IC and are less secure, and vice versa). Furthermore a host can maintain almost infinite subscriptions (or matrix cafes wouldn't be possible)."
I would further suggest, that programmes run by IC/agents count towards the response limit, so you cannot protect your comlink better than any "host" would be protected using balance arguments.
Then I would rule that only nodes are allowed to check a persona for illegitimate access (instead of analyzing IC), and only when this persona takes actions that exceeds its hacked (or valid) permissions.
I did a couple of consistency checks and probability calculations with these suggestions and found that they are good guidelines for a variety of SR4 situations.
blakkie
May 5 2006, 08:27 PM
@Serbitar
Degradation for a given login can occur on mainframe. Because the system will not feed a process or login all its resources, outside of the top tier of security priority (many level of security, with some sort of "system" level at the top). That top tier wouldn't really equate to the Admin login level in the SR rules, mostly because of there being so many different priority levels.
It does in an attempt to protect the entirety of system from degradation. If it didn't some shmuck's do nothing infinite loop program or infinite open file loop could bring the whole damn thing to its knees.
That's really a key to how a mainframe can effectively handle so many users, rationing of resources. It is entirely reasonable for similar throttling to occur on a node that is hosted on a mainframe equivalent.
P.S. Note that in that thread i linked there was a suggestion further down that the better computers would provide some limited support for extra IC that operated outside of the limit. Those IC would be running on a security/priority rating above Admin. But the system would definitely want to limit how many of those they had because they represent a serious threat to overall system performance and uptime (which is king for big iron).
damaleon
May 5 2006, 08:33 PM
QUOTE (GrinderTheTroll) |
Distributed Denial of Service attacks (DDoS) on current day websites involve getting thousands of "users" to all login at once and overload a target system. They don't require admin access, but attempt to choke bandwidth and server resources.
This is modeled in SR4 by lots of Agents entering the same node. There is no mention of personas causing Response issues, but instead Agents. This model allows an infinite amount of users, but only a limited number of "free thinking" programs (Agents) to draw on its resources.
I like the idea of being able to do this and I don't see the need to restrict it since you'd need to get all those Agents into the system in the first place by unloading yourself or having them Hack in themselves.
DDoS-2070: (aka ZombieArmy) Agent (Pilot-3+) Exploit-3+
DumpBot: (Persona dumped) Agent (Pilot-1) |
From what I remember, there is nothing limiting or degrading a node's performance by having more and more people access it currently described in the rules. It does mention that you are limited to System X 2 nodes, agents, and drones that you can simultaneously access, but nothing about how many people can be reading a node at the same time, so the effect of a current day DDoS attack is not described in the rules. It does mention that a subscription list can be practically unlimited in size, but you can only subscribe (I think it means link or actively subscribe) to so many at once.
As I read it, the only way to degrade a node's response is to load more and more programs, be they agents, hacking tools, common use programs or what not, and that would require you to gain access to the node and make it run programs. If that's the case, an agent only affects the node it can be traced back to, not the ones it accesses (so if a hacker loads an agent on his Response 5 commlink sends it out to a Response 3 system before logging off, it would still be at a Response 5).
I kind of see wireless like this:
you can have 1 person shouting to 1 or 1 million and the only thing that affects whether they hear you is distance (signal strength) so as many people are in range can read a what a node
if 100 people are shouting different things, you can only make out one or a couple at any given time (active subscription or linking limit) but you can change you you focus on at any given time
If you are shouting back and forth, both have to focus on listening (you both count against the linking limit of the other)
I'd apply all this to any single device and consider mainframes meshed networks, many devices completely interconnected but acting as 1 device with a common set of attributes, which then allows an expansion of the # of programs and interacting users, but doesn't increase the system, response, or firewall rating.
Rotbart van Dainig
May 5 2006, 08:36 PM
QUOTE (Serbitar) |
Thus I would rule, that "devices" (comlink and everything else that does not have a bigger computer behind it) are affected by response "degradation", but hosts are not. That solves the DOS attack. IC would have to be restricted by common sense (as it was in SR3), maybe with some traffic arguments to make it reasonable (high traffic nodes have less IC and are less secure, and vice versa). |
That means you just removed the 'hard' limit to implement a 'common sense' limit... which would be around... not more than a handful of them?
Six of one, half a dozen of the other.
QUOTE (Serbitar) |
Furthermore a host can maintain almost infinite subscriptions (or matrix cafes wouldn't be possible). |
A device should, too. Otherwise, the whole AR concept breaks down in DoS.
QUOTE (Serbitar) |
I would further suggest, that programmes run by IC/agents count towards the response limit, so you cannot protect your comlink better than any "host" would be protected using balance arguments. |
They do already count... to the Response of the IC/Agent, which degrades its effectiveness very quickly, as any Program it owns must be running.
Slapping them onto the device results in immediate DoS dropout.
QUOTE (Serbitar) |
Then I would rule that only nodes are allowed to check a persona for illegitimate access (instead of analyzing IC), and only when this persona takes actions that exceeds its hacked (or valid) permissions. |
No real reason for that - that's what the System+Firewall is for, initially... if one does try to exceed one's right, it fails and gets reported anyway.
Using RL analogies, even a home gateway running linux has a fullblown right management system.
GrinderTheTroll
May 5 2006, 09:14 PM
QUOTE (damaleon) |
QUOTE (GrinderTheTroll) | Distributed Denial of Service attacks (DDoS) on current day websites involve getting thousands of "users" to all login at once and overload a target system. They don't require admin access, but attempt to choke bandwidth and server resources.
This is modeled in SR4 by lots of Agents entering the same node. There is no mention of personas causing Response issues, but instead Agents. This model allows an infinite amount of users, but only a limited number of "free thinking" programs (Agents) to draw on its resources.
I like the idea of being able to do this and I don't see the need to restrict it since you'd need to get all those Agents into the system in the first place by unloading yourself or having them Hack in themselves.
DDoS-2070: (aka ZombieArmy) Agent (Pilot-3+) Exploit-3+
DumpBot: (Persona dumped) Agent (Pilot-1) |
From what I remember, there is nothing limiting or degrading a node's performance by having more and more people access it currently described in the rules. It does mention that you are limited to System X 2 nodes, agents, and drones that you can simultaneously access, but nothing about how many people can be reading a node at the same time, so the effect of a current day DDoS attack is not described in the rules. It does mention that a subscription list can be practically unlimited in size, but you can only subscribe (I think it means link or actively subscribe) to so many at once.
As I read it, the only way to degrade a node's response is to load more and more programs, be they agents, hacking tools, common use programs or what not, and that would require you to gain access to the node and make it run programs. If that's the case, an agent only affects the node it can be traced back to, not the ones it accesses (so if a hacker loads an agent on his Response 5 commlink sends it out to a Response 3 system before logging off, it would still be at a Response 5).
I kind of see wireless like this: you can have 1 person shouting to 1 or 1 million and the only thing that affects whether they hear you is distance (signal strength) so as many people are in range can read a what a node if 100 people are shouting different things, you can only make out one or a couple at any given time (active subscription or linking limit) but you can change you you focus on at any given time If you are shouting back and forth, both have to focus on listening (you both count against the linking limit of the other)
I'd apply all this to any single device and consider mainframes meshed networks, many devices completely interconnected but acting as 1 device with a common set of attributes, which then allows an expansion of the # of programs and interacting users, but doesn't increase the system, response, or firewall rating.
|
I think you missed my point: Personas don't affect Response, but Agents do.
QUOTE |
This is modeled in SR4 by lots of Agents entering the same node. There is no mention of personas causing Response issues, but instead Agents do. This model allows an infinite amount of users, but only a limited number of "free thinking" programs (Agents) to draw on its resources. |
PS - I fixed my typos in the quote.
Serbitar
May 5 2006, 09:44 PM
QUOTE (Rotbart van Dainig) |
That means you just removed the 'hard' limit to implement a 'common sense' limit... which would be around... not more than a handful of them? Six of one, half a dozen of the other. |
No I think that 3 IC in one system should almost be the maximum. Add more and you have super tight, unhackable security. Nobody can defeat 3+ IC of about equal rating. You may as well log off.
Furthermore I sacrifice the "hard" limit due to balancing considerations. (see beyond)
QUOTE |
A device should, too. Otherwise, the whole AR concept breaks down in DoS.
|
No problem with this. I don't really see what should be unbalanced if you completely skip that rule.
QUOTE |
They do already count... to the Response of the IC/Agent, which degrades its effectiveness very quickly, as any Program it owns must be running. Slapping them onto the device results in immediate DoS dropout.
|
The agent uses the node's response. They don't have independent response. Furthermore you are multiplying total response if you grant every agent his own response and lower it only when the number of programmes activated by the agent exceed his response. For example, you can run a total number of 36 programmes on a node of response 6 without lowering response if you pack them into 6 agents. But you can only run 6 programmes without lowering response if you let them run without agents.
This sounds illogical.
But the main problem is balancing. I do not want to let players or npcs run 6 agents with 6 programmes on their rating 6 commlink. This collides with my consideration, that 3 IC should be almost the maximum in security.
On the other hand, if I count each programme separately I get something which is quite consistent AND is quite good for the game balance.
QUOTE |
No real reason for that - that's what the System+Firewall is for, initally... if one does try to exceed one's right, it fails and gets reported anyway.
|
You mean that every time you attempt an illegitimate action and fail, this is reported, and no other firewall+analyze actions by the node are needed? That would be perfectly OK for me. (Although I can't find any statement in the rules, that every hack action is an opposed test between hacking+programme vs system+firewall).
Thanks again for the comments.
Serbitar
May 5 2006, 09:57 PM
QUOTE (blakkie @ May 5 2006, 03:27 PM) |
Degradation for a given login can occur on mainframe. Because the system will not feed a process or login all its resources, outside of the top tier of security priority (many level of security, with some sort of "system" level at the top). That top tier wouldn't really equate to the Admin login level in the SR rules, mostly because of there being so many different priority levels.
It does in an attempt to protect the entirety of system from degradation. If it didn't some shmuck's do nothing infinite loop program or infinite open file loop could bring the whole damn thing to its knees.
That's really a key to how a mainframe can effectively handle so many users, rationing of resources. It is entirely reasonable for similar throttling to occur on a node that is hosted on a mainframe equivalent.
|
Good explanation. But my problem with the whole degradation business is the following:
If an agent counts only as 1 programme, players and NPCs can make their comlink into IC castles. I do not want that for balancing reasons. There is no way to handwave this, as players need rules to know what they can do with their comlink and what they can not.
So I have to rule, that each program in an agent counts towards the response limit, to keep players from building the aforementioned ICbergs. But now I have a problem with matrix nodes. They should be able to be protected a little better than mere comlinks. That's why I skip the degradation rule there, and fortunately I can do this, because I am now in the region where players will never go (meaning ruleswise, they will most likely never design matrix hosts). I can handwave IC numbers by introducing traffic arguments and such.
After all I am just looking for rules with the following baselines:
Rules that comlinks even of response 6 can not be loaded (without a severe response hit) with more than 2 agents containing 6 programs at max.
There can't be more because I can not handwave arguments that not all available agents are not launched immediately. Nobody can face more than 2 such monsters at once, and I want to give players a chance, that want to hack commlinks of NPCs, that have such a configuration (why shouldn't they, when the players can do it).
Handwaving arguments that normal Matrix nodes have about 2 IC with 4 programmes, and extreme high security nodes have about a maximum of 4 IC with 6 programmes. Furthermore I need handwaving arguments that not all the IC is loaded immediately but in a way that adds more to the tension of a good hacking experience (like a tracing routine IC first, and if it is crashed an attacking IC and then a black hammer IC and such). With the normal rules there is no reason to not load all the IC at once. That's why I need handwaving there.
The combination of:
"Programmes in agents affect response" and "matrix hosts do not care about response reduction" delivers the baseline I want. The rest is just fluff tailored to fit this baseline.
Rotbart van Dainig
May 5 2006, 10:19 PM
QUOTE (Serbitar) |
If an agent counts only as 1 programme, players and NPCs can make their comlink into IC castles. I do not want that for balancing reasons. |
Speaking from play experience:
You are worrying waaay too much.
Usually, IC will never even spot an intruder - Stealth is tough to beat on Matrix Perception tests.
Even if it would, nothing prevents a hacker using Agents, too.
It's a bit like letting guards patrol alone...
PS: The real ugly thing are data bombs.
blakkie
May 5 2006, 10:46 PM
QUOTE |
Good explanation. But my problem with the whole degradation business is the following:
If an agent counts only as 1 programme, players and NPCs can make their comlink into IC castles. I do not want that for balancing reasons. There is no way to handwave this, as players need rules to know what they can do with their comlink and what they can not. |
Didn't i warn you about trying to make sense of SR computing?
Actually there is some handwaving to deal with this, but you should probably drop a microdot before attempting to read it. So get ready, and make sure you stay away from the brown blotters with the Mickey Mouse stencil, people are getting really bad trips off those:
An Agent is its own program space, with all the programs that it is running integrated within that. This works because it only has one or two programs doing things at any given moment. A persona has no program space of its own, which is why it doesn't take up a slot. So any program loaded for use by the persona must have its own program space. Why not, then, just have a program space to load all the programs into it for a persona? Because that adds an extra layer of interface that would require extra communication interaction in the same way that you have to spend an action to tell an Agent what to do and then there is another action spent for the Agent to do it.
Now just meditate on that while you listen to the chirping of the gecko pattern on the wallpaper.
Serbitar
May 5 2006, 11:14 PM
QUOTE (Rotbart van Dainig @ May 5 2006, 05:19 PM) |
QUOTE (Serbitar @ May 5 2006, 11:57 PM) | If an agent counts only as 1 programme, players and NPCs can make their comlink into IC castles. I do not want that for balancing reasons. |
Speaking from play experience: You are worrying waaay too much. Usually, IC will never even spot an intruder - Stealth is tough to beat on Matrix Perception tests. Even if it would, nothing prevents a hacker using Agents, too. It's a bit like letting guards patrol alone... PS: The real ugly thing are data bombs. |
You should definitely read the "Idiots guide to Matrix 2.0" thread.
There they argue, that if the IC wins in an pilot+analyze vs hacking+stealth test, the IC has successfully uncovered the hacker as such, a hacker with faked permissions.
That's what I am fighting against. This idea is partly backed up by the patrolling IC paragraph on p. 222.
And the chances to lose a for example 10 vs 10 dice opposed test are not low, 41,4%.
That's why I do not want IC that is constantly scanning everything and uncovering hackers with this opposed test.
Still, there is lots n lots of confusion about the matrix rules out there . . .
BTW: Agents are bad. They heighten the danger of being detected, and when you are detected, the matrix run is mostly over. I think agents are mostly for doing stuff for you in a node when you have left.
blakkie
May 5 2006, 11:29 PM
IC are not loaded until the security alert has been raised (page 228). So no multiple IC until you screw up. (EDIT:Unless this is a hyper serious about security system, then they might allocate the resources to roaming security Agents that are constantly sweeping, but that'll cost processing power which equals money, and really they have to be able to notice you and then correctly Analyze you to figure out that you aren't legit)
Once the security alert is raised the drek hits the fan, as fast as one IC per IP at a time depending on how aggressive the system security is. But even then, depending on Init rolls and you noticing the IC loading (it takes a Complex Action worth of time for the loading to occur), you have a chance that you'll get the option to scram before the IC even gets to act.
So the system is still quite safe until you set off a Data Bomb or the system itself detects you. Just like in SR3, the key is to not get noticed and you can cakewalk through. Actually that's like a lot of things in SR.
Rotbart van Dainig
May 5 2006, 11:32 PM
QUOTE (Serbitar) |
You should definitely read the "Idiots guide to Matrix 2.0" thread. |
Well, maybe I could.
QUOTE (Serbitar) |
There they argue, that if the IC wins in an pilot+analyze vs hacking+stealth test, the IC has successfully uncovered the hacker as such, a hacker with faked permissions. |
Basically, that is correct.
Keep in mind that if the IC tries again before a certain interval, it will lose dice.
QUOTE (Serbitar) |
And the chances to lose a for example 10 vs 10 dice opposed test are not low, 41,4%. |
Sure... some action is good.
Any hacker with about two to three runs will have Response 6, though, and most Node will run around 4.
QUOTE (Serbitar) |
That's why I do not want IC that is constantly scanning everything and uncovering hackers with this opposed test. |
That's a necessity, in fact - as there are no more security tallies.
QUOTE (Serbitar) |
Agents are bad. They heighten the danger of being detected |
Only if you run them on the Node... if they run in your Persona, they count as Programs and are only detected if you are, anyway.
Serbitar
May 6 2006, 12:08 AM
Now we are turning in circles:
QUOTE (Rotbart) |
QUOTE (Serbitar) | That's why I do not want IC that is constantly scanning everything and uncovering hackers with this opposed test.
|
That's a necessity, in fact - as there are no more security tallies.
|
QUOTE (Rotbart) |
QUOTE (Serbitar) | Then I would rule that only nodes are allowed to check a persona for illegitimate access (instead of analyzing IC), and only when this persona takes actions that exceeds its hacked (or valid) permissions.
|
No real reason for that - that's what the System+Firewall is for, initially... if one does try to exceed one's right, it fails and gets reported anyway. Using RL analogies, even a home gateway running linux has a fullblown right management system.
|
So what? Scanning IC or System+Firewall?
I would substitute an analyze+firewall(stealth) test every time a hacker performs an illegitimate action for the security tallies. No need for analyzing IC.
Btw: The chance of losing a 12 vs 8 (hacker skill 6 stealth 6, vs pilot 4 analyze 4) is still 20%. Add the standard assumption that IC counts only as 1 programme, and you have 3-4 of these scanners in a 4 node. That gives you a 50%-60% chance of being detected (3-4 times 12 vs 8). Too high for my taste. A 4 node should be fair game for a 6/6 Hacker (at least 80% probability to hack in, perform 3 actions and log out undetected)
Rotbart van Dainig
May 6 2006, 12:14 AM
QUOTE (Serbitar) |
So what? Scanning IC or System+Firewall? |
Both.
Initial and long term difficulty.
QUOTE (Serbitar) |
Add the standard assumption that IC counts only as 1 programme, and you have 3-4 of these scanners in a 4 node. |
3, if you have Analyze running.
Less if you want Agents performing tasks.
QUOTE (Serbitar) |
A 4 node should be fair game for a 6/6 Hacker (at least 80% probability to hack in, perform 3 actions and log out undetected) |
The key question deciding that is - how 'often' does IC patrol?
Serbitar
May 6 2006, 12:26 AM
Any reason not to let it constantly scan everything?
Rotbart van Dainig
May 6 2006, 12:33 AM
The 'Try again' rules?
Load balancing, sheer amount of sessions, drekcetera.
There's where rationalisation starts, for the sake of a fun/balanced game.
blakkie
May 6 2006, 01:08 AM
I should add one thing Serbitar that i missed mentioning before. When the big iron limits resources on a node it is hosting it -might- throttle it by node/account pairing. So if a persona comes on and loads 15 programs it only affects itself, not other personas in that node. Under that i'd expect that independent Agents (including IC) would limit each other by count as they would be grouped together as being programs 'owned' by the system itself. So for a Response 6 node you could have up to 6 Agents/IC running before they were subject to performance degradation. But even if there were 7 Agents on the node, a persona coming into the node would not be subject to that degradation. Likewise each persona would count their own programs loaded only when checking to see if the performance was degraded for themselves.
That seems to me a pretty reasonable step up in room on a mainframe node from a portable computing device while allowing a big iron host to avoid the unlimited access to computing resources that could bog the whole machine. It also nicely handles the idea of supporting hundreds or thousands of simultaneous persona accessing a node.
To personas in it i imagine it would look like a convention room, a mall hallway, or some other really big space with lots of room for all sorts of personas, maybe even with LOS blocking stuff to sort of visually break up the node, like say a park with rows of bushes, trees and embankments.
damaleon
May 6 2006, 02:03 AM
QUOTE (GrinderTheTroll) |
I think you missed my point: Personas don't affect response, but Agents do.
|
I don't think I missed it, but mine got lost in all the stuff I typed.
Mine was that, as I understand it, Agents only slow down the node they originate from, not the node they are currently in (unless it is the node they originated from). So sending a bunch of Agents to a node won't slow it.
blakkie
May 6 2006, 02:15 AM
QUOTE (damaleon @ May 5 2006, 08:03 PM) |
QUOTE (GrinderTheTroll) | I think you missed my point: Personas don't affect response, but Agents do.
|
I don't think I missed it, but mine got lost in all the stuff I typed.
Mine was that, as I understand it, Agents only slow down the node they originate from, not the node they are currently in (unless it is the node they originated from). So sending a bunch of Agents to a node won't slow it.
|
That seems to fly in the face of others' current thinking. Certainly mine. That when the Agent moves (you are talking about an independent Agent, right?), it completely moves including all its processing and memory usage.
I know the rules are kinda vague in that area, but could you give the rundown on the reasoning behind your take? Or is there something that is in the "Idiot's Guide to the Matrix 2.0" better explaining that position? If so could you link me to a good entry on it. I stopped reading it some time back when the swirling vortex of mush got above my threshold, and i'd rather not try to sort through a couple hundred posts to try to find it.
damaleon
May 6 2006, 02:23 AM
Okay, I'm wrong. I missed the last line of the Agent description saying "this means that the attributes of an agent operating independently may vary as it moves from node to node."
Would this make an independent agent impossible to track back to the person that controls it unless you intercept its wireless commands?
blakkie
May 6 2006, 02:42 AM
QUOTE (damaleon @ May 5 2006, 08:23 PM) |
Would this make an independent agent impossible to track back to the person that controls it unless you intercept its wireless commands? |
If there was still an Agent to controller subscription in place they could track back on that, similar to someone tracing back from a drone. But if the Agent is out there operating on its own and not reporting back (and wasn't given information about how to contact the originator that you could extract out of the Agent somehow) then they'd have to try to trace the Agent's movements through datatrails to see where it was initially spawned (i think it would leave a datatrail). Even then that location need not be the true originator's commlink as you can spawn an Agent in any node you have access to.
At that point i think the rules get very nebulous as to whether they could check the node's log to see if they could figure out who spawned the Agent. My best guess as a GM would be an Analyze by the tracker with lots of hits might overcome the efforts of the originator trying to keep his identity hidden, and that would pick up the datatrail again (i think, maybe, but maybe not if the persona is no longer there).
So yup, it's tough to track back the perp of a worm Agent. And that is basically what a malicious independent Agent is, a worm.
damaleon
May 6 2006, 03:02 AM
Okay, now that I have to re-think independent agents, tell me if this makes sense to you.
A hacker creates an independent agent with a Pilot 4 while on a Response 5 node, loading it with 6 programs, and sends it to try and get a file from another node. While in this node, the 6 programs lower the Response for the Agent to 4 (but the Node still has a 5?) and it manages to hack on the fly to the node it is attacking and it has a Response of 3, so is the Agent at a Response 1 or 2? Would the max response of 3 in the new node limit the pilot of the Agent to 3 making the 6 programs reduce its Response by 2, or would the Pilot still be 4 keeping the Response penalty -1? All programs the Agents run would also be limited by the response of the Agent as well right?
Would IC that can move from node to node be affected the same way (since they are specialized agents)? If that were the case, could you get IC to follow you to a low Response node to make it easier to defeat?
blakkie
May 6 2006, 03:15 AM
Ok, the Agent 4 with 6 programs active going to the Response 3 node. Now the Response 3 of the node limits the System of the node to 3. So immediately the Agent is lowered effectively to an Agent 3.
When calculating the Response degradation of the Agent by counting the Programs running you use the Agent rating (not the System of the device/node). So it will be a 6/3 = -2. So yes, the Response for the Agent becomes a 3-2=1. Barely moving. If that agent tries to move to a Response/System 2 device it basically stops running (or maybe it can choose to shutdown programs to keep going, but it is going to need to shed a lot of them).
EDIT: BTW that means that in the original example if the Agent had 8 programs loaded instead of 6, even though it was on a Response/System 5 node, it would have an 8/4= -2 penalty to its own Response rating. Thus having an effective Response of 5-2=3.
Anyone that sees a problem with this please jump in. I think i understand this stuff, but the wireless chapter is still my weakest section since i've not really used it extensively in play yet. We are still getting used to the idea that deckers can be real PCs.
damaleon
May 6 2006, 03:20 AM
Okay, I get that.
So an easy way to put a roadblock in the way of any IC or independent agent that is following your datatrail would be to go through several Response 1 or 2 nodes to make them stop functioning or at least unable to enter and follow the trail?
maikeru
May 6 2006, 03:25 AM
Wow, this stuff is confusing, good thing I haven't needed to use the matrix much.
blakkie
May 6 2006, 03:30 AM
QUOTE (damaleon) |
Okay, I get that.
So an easy way to put a roadblock in the way of any IC or independent agent that is following your datatrail would be to go through several Response 1 or 2 nodes to make them stop functioning or at least unable to enter and follow the trail? |
Hrmm, didn't think of that. Maybe. Though as i mentioned earlier in the thread i read the Trace action acting on an active persona as all occurring from the node where the persona is being tracked from. So until the IC finds the end of the trail they don't leave their home node.
When they do find the end of the trail they pass the location onto a meat-world security team and then pull out the can of whoopazz to knock out the intruder's meat body or maybe even hop to his node if his physical location is moving so it can try to disable whatever vehicle he is moving around in.
blakkie
May 6 2006, 03:51 AM
QUOTE (maikeru @ May 5 2006, 09:25 PM) |
Wow, this stuff is confusing, good thing I haven't needed to use the matrix much. |
So far in game we've just winged it. Nobody else at my table has nearly the same depth of background in computers as me, so in play it tends to be much lighter and fluffier than these in-depth rules scenarios.
Rotbart van Dainig
May 6 2006, 08:27 AM
QUOTE (blakkie) |
Hrmm, didn't think of that. Maybe. Though as i mentioned earlier in the thread i read the Trace action acting on an active persona as all occurring from the node where the persona is being tracked from. So until the IC finds the end of the trail they don't leave their home node. |
That assumes that every Node in that chain allows Access... otherwise, that Node would have to be hacked to continue tracking.
blakkie
May 6 2006, 11:44 AM
QUOTE (Rotbart van Dainig) |
QUOTE (blakkie @ May 6 2006, 05:30 AM) | Hrmm, didn't think of that. Maybe. Though as i mentioned earlier in the thread i read the Trace action acting on an active persona as all occurring from the node where the persona is being tracked from. So until the IC finds the end of the trail they don't leave their home node. |
That assumes that every Node in that chain allows Access... otherwise, that Node would have to be hacked to continue tracking.
|
Maybe. But because they are following the live packets themselves, in the same way that you don't need to hack into a node to use it to relay your signal (assumed) you should be able to follow the signal.
In fact once your persona moves out of the intermediary device and on i'm not sure there is a guarantee that that device is even used for relaying. In the same way that the current internet does not guarantee a path of travel for a specific packet, the Matrix could be adjusting. Being wireless, and therefore having even more potential routes, i'd expect this to be even moreso.
Except for some specific chokepoints going into or out of facilities where it switches from wireless to a fixed path for security perimeter reasons, but those are very unlikely to be low rating devices.
So just hopping your persona into a rating 1 Device first and then hopping onto the target system is no guarantee that your active path of packets from the target system is going to flow through that rating 1 Device.
However when following a cold trail, where you have to check for arrival and departure in the logs, that might be true that the Agent has to hop into the device to get access to that. I'd still be inclined though to treat it like a Matrix Search and let it be done remotely (if you didn't let Search be done remotely a rating 1 Device would become fairly secure from Agent searches).
Rotbart van Dainig
May 6 2006, 01:06 PM
It's quite easy to force routing in SR4, especially if you create those 'anonymizer nodes' yourself.
blakkie
May 6 2006, 02:16 PM
An anonymizer duplicates the original requester and then passes back the results. So there is actual processing that needs to occur on the node to emulate both sides. For a web browser that's pretty straightforward. How easy that is within the SR Matrix, and whether or not a crappy node could pull it off without impact on performance of the end persona, isn't clear as that is getting well outside of the rules IMO.
Rotbart van Dainig
May 6 2006, 05:21 PM
Not really - that's exactly what the rules call hopping nodes.
blakkie
May 6 2006, 05:35 PM
Which page are you talking about? I didn't get that from my reading, but i want to make sure i'm looking at the same thing as you and didn't miss something.
Rotbart van Dainig
May 6 2006, 06:04 PM
p. 220, Logging On/Off.
blakkie
May 7 2006, 02:33 PM
Ya, i don't get that as functioning as an anonymizer at all. I would prefer to read that as not having the requirement that you log into the node that you are hopping. The wording is vague, but if they required that you log in as a user on the node that would make the Matrix either a very unfriendly or a very unsecure place. I'm thinking in terms of the internet now, if i had to log into every system that datapackets traveled on to/from me....the mind boggles. That is how the internet works so well, routing just happens by whatever means the network deems best. It doesn't even guarantee that each individual packet will travel the same route as the last. It doesn't even guarantee, if i remember correctly, that the order of packet arrival will be the same as the order sent.
Rotbart van Dainig
May 7 2006, 02:55 PM
That's the fundamental difference between Nodes that allow public access and nodes that don't - the latter don't route traffic, normally.
Cracking a vending machine and using it as anonymizer node is simple.
BTW, it's quite easy to make routing work a certain way... that's what proxies are for.
blakkie
May 7 2006, 09:24 PM
QUOTE (Rotbart van Dainig @ May 7 2006, 08:55 AM) |
That's the fundamental difference between Nodes that allow public access and nodes that don't - the latter don't route traffic, normally. |
Because of the range limitations of a low signal, i envision part of the protocol that each device do its Matrix good citizenship duty by being willing to forward towards the nearest known hub node or the destination device/node the packets without requiring any sort of login. Yes this is somewhat different than the more fixed hierarchy of the internet, but the internet doesn't include as valid world addresses things with the kind of limited range that the Matrix seems to, nor does it have the Matrix's seemingly universal transmission rates.
QUOTE |
Cracking a vending machine and using it as anonymizer node is simple.
BTW, it's quite easy to make routing work a certain way... that's what proxies are for. |
Thus my point about it requiring processing power and specific programs, which proxy/firewall/anonymizers do. If you are trying to use a rating 1 device that has some other type of use it's going to suck going through it. There aren't specific rules because it falls somewhat outside the core's range of explanation. If someone tried to argue that it was crippling IC by them going through like that it is clearly an excellent place for the GM to use a great big "nuh-ah". Perhaps even inflicting a bit of physical pain on the player via thrown dice?
Remember also that such a system would be very easy to exploit to get it to cough up the anonymizer patch list. A lot better idea would be to use a hard to get into system (perhaps one that is partially trusted by the target system) that was protected with IC, sprites, or some other watchdog to protect the hop. As a GM i would generally add those as steps that the hacker realizes they must do just to have any chance of success. But even then for a live connection i see the Trace program sniffing the traffic going in and out to try to track without having to log into the node itself.
Really all that fancy stuff is already abstracted into the Track action, page 219, quite neatly as things that a decker and their Stealth software would normally be trying to do. So as such it makes great fluff, and can be used by the GM to add spice (both crunch and fluffwise) to a run on a host by making certain hops de facto mandatory. Or perhaps giving IC bonus dice to their Track action or for the target system to notice the illegal login attempt from an untrusted system if the decker chooses not to do the intermediary hop(s).
Rotbart van Dainig
May 7 2006, 09:41 PM
QUOTE (blakkie) |
Because of the range limitations of a low signal, i envision part of the protocol that each device do its Matrix good citizenship duty by being willing to forward towards the nearest known hub node or the destination device/node the packets without requiring any sort of login. |
That may or may not be so - it is not specified. However, it is quite secondary on the question at hand.
QUOTE (blakkie) |
Thus my point about it requiring processing power and specific programs, which proxy/firewall/anonymizers do. If you are trying to use a rating 1 device that has some other type of use it's going to suck going through it. |
You might want to prove that.
QUOTE (blakkie) |
Remember also that such a system would be very easy to exploit to get it to cough up the anonymizer patch list. A lot better idea would be to use a hard to get into system (perhaps one that is partially trusted by the target system) that was protected with IC, sprites, or some other watchdog to protect the hop. |
That doesn't really matter - it costs time... the time you have to pull the plug.
QUOTE (blakkie) |
As a GM i would generally add those as steps that the hacker realizes they must do just to have any chance of success. |
As the rules are pretty explicit about hackers having success without any hops at all, that does not really impress me.
QUOTE (blakkie) |
But even then for a live connection i see the Trace program sniffing the traffic going in and out to try to track without having to log into the node itself. |
Not really... it would make Track almighty.
Aside from being able to track Damien Knight back to his personal office, it would be the ultimate exploit.
QUOTE (blakkie) |
Really all that fancy stuff is already abstracted into the Track action, page 219, quite neatly as things that a decker and their Stealth software would normally be trying to do. |
Stealth does not relay traffic - Stealth disguises it.
QUOTE (blakkie) |
So as such it makes great fluff, and can be used by the GM to add spice (both crunch and fluffwise) to a run on a host by making certain hops de facto mandatory (or perhaps giving IC bonus dice to their Track action if the decker chose not to do the intermediary hop(s)). |
Again, there is nothing to find about that being mandatory... in fact, it's rather the exception than the rule.
As Anonymizer Hosts popped up in Matrix, I expect such tricks to be featured by Unwired.