I am not sure you understand the question. If this is the case, then to better understand your question, please replace the word "hacking" with "dancing," and the word "spoofing" with "doing a polka."

As I understand it, hacking is everything that a hacker does in Shadowrun. That Spoof program is a "Hacking Program," according to the RAW. As is Exploit and Attack.

In real life, the term "hacking" means several things, least of all illegally breaking into computer systems (this link leads to more detailed descriptions of the word "hacker"). The more accurate term for that would be "cracking," but a decision was made within FanPro to just stick with modern popular myth and call all of it hacking (and I can't blame them, really), and since they do, I will, too.

Basically, a hefty percentage of Matrix actions listed on page 219 are hacking. Practically every use of those programs listed on page 226 and 227 as "Hacking Programs" could be considered hacking.

I believe what you mean by "hacking" is using the Exploit program to find a way to access a node. A real-life example of this action would be the use of a combination of a program called nmap and sshnuke, a program that utilizes the now (in)famous SSH exploit, known to those in the biz as the SSH CRC-32 bug. It would look something like this:

This might look familiar to Matrix fans; it's the same exploit that was used by Trinity in "The Matrix Reloaded," and it's what a real hacking job would look like (the Brothers Wachowski were given mad props at the time by the hacker community for their accuracy and research). The nmap program looks for vulnerable open ports in a target, and the sshnuke program was designed to exploit the CRC-32 bug. Shadowrun's Exploit program would include the functionality of both of these programs, along with a whole library of others.

Now, look at the nmap output above. It shows that there is a port (a potential connection) in the target that is open and listening for input. If this port was closed, and no other ports open, sshnuke would not work, since the target could not execute the commands that sshnuke sent it because it would never get a chance to read them. If the router attached to the open port only allowed traffic through that was from a certain address, one would have to perform IP spoofing on packets in order to have the router forward the traffic and have sshnuke work; in game terms, one would have to Spoof the node in order to Exploit it.

So the short answer (too late) is yes, you need to Spoof a node that is exclusively subscribed in order to use Exploit whether you do it the slow romantic way (Probing the Target) or the hard and fast way (Hacking on the Fly). In order to run the Spoof, you need to have a Matrix ID that won't get ignored, and to get that you either need to use Decrypt and Sniffer to get the ID from the traffic to and from the drone, or Track and Analyze to find the rigger in the Matrix and get the ID that way; this assumes that there is any traffic going to and from the drone (if they're not talking, you're kinda screwed).

Incidentally, the concept of subscribing to increase security has come up in other threads. The idea being that every member of the team subscribes their commlink exclusively to the team's hacker's commlink, so as to reduce the points of vulnerability. It's the same deal with the drones and the rigger.

Sounds to me like you're avoiding the question. =b

Plus, you prompt another question: when did I mention a house rule?

Thank you, this makes perfect sense and supports your position. But since the rules don't specifically state that you need to gain ID before attacking/exploiting (I again looked over the quotes you posted earlier, and none of them say that you must do so) I still believe that that would be a house rule. And that the rules writers were either unfamiliar with hacking or were trying for game balance. Or maybe that they were smoking crack, since my question remains - if you have an ID with which to spoof, why would you make an exploit test?

Okay, this is important. This might answer my question. If that's the way things should work, the game designers really missed the boat on writing such a rule. That would have been a very obvious sentence or two.

So we could say that any node that expects communication with outside entities will not have a subscription list, and therefore be vulnerable to an exploit. And that exploiting is useless against a subscribed one.

Not that I'm aware of.

You can do anything in AR that you can do in VR, you're just using your meat initiative, and you lose the extra passes. If you spoof your ID with the rigger's you can issue any command that he can. You just can't jump into it, and control it virtually. Drones usually have programs that allow them to follow complex commands such as "shoot that guy". I'm not able to find anything about program degradation. Are you thinking of SOTA?

wind_in_the_stones.biscuit++;

Actually, they did say that, but you have to put together all of the stuff I quoted a few posts back. I suspect what happened was the same sort of thing that's happened before: the writers knew what they were talking about, the editors knew what the writers were talking about, and so it appeared that the whole thing made sense.

wind_in_the_stones.biscuit++; // that's two so far, good work!

Actually, Exploit isn't useless against an exclusively subscribed node, just less efficient.

To gain an account?

ID = IP or mac-address
exploit = gain an account

And ID and a system account are two totally uncorrelated things. Even if my wirelss network is only accepting certain IDs, it will still check wheter the guy/device/node/whatever login on via this ID has a valid user/system/admin account.

This is also the case in todays networks. Nothing very nonstandard of difficult.

You had me there, for a minute. I thought, oh yeah, if you're spoofing, you have to make a test for every command issued. And once you've successfullly hacked, you can do anything you want to the node. But then I realized your first spoof command is going to be to add your rigger to its subscription list. And that's effectively an account.

Or am I missing something?

And not only that, you knew what they were talking about, apparently. So you read a lot into those quotes from the BBB. I can't make them mean what you say they mean. Not without a stretch, anyway. They support my position at least as well as yours.

You're missing something. Sorry.

Adding your ID to the subscription list just makes the target node stop ignoring you. But once you've been added, you can start Exploiting. This is, of course, assuming that the rigger has given herself access to change the subscription list (as opposed to making that something she has to log in as an admin or have a passkey to do).

I cheated. I get paid to teach this sort of thing. =)

Good question to ask. That's probably a judgement call for your GM to make.

In real life, the answer is both (useful, huh?). This is because the creation of what Shadowrun calls a subscription list is separate from the implementation of that list. So if you tell it to stop using that particular list, then it will become open. If you merely erase the list it's using, it will discard all traffic.

So, yeah. Up to your GM. If I was the GM, I'd have you make a Logic + Operating Systems Knowledge, or Logic + Hacking, or something, to give you a chance of getting the desired result.

It's a minor nit, but since we're talking about wireless.... each node with a receiver has to run its own filter. A better real-world model for a subscribed node would be a server with ssh turned on, but a software firewall (ipchains, for example) configured to ignore connection attempts that don't come from a specific list of IPs.

If the node is going to receive ANY traffic, some piece of software on the node needs to examine each incoming message and decide whether or not to pay attention to it. One way to gain access to such a node would be to spoof your own identity (once you've figured out what ID it's looking for). In theory, though, you might also be able to take advantage of a vulnerability in the filtering software. (Just like, in the hardwired example you gave, you could in theory crack the router instead of spoofing)

I have to disagree. The RAW states that commlinks are also routers. This makes sense for a ubiquitous wireless network; it becomes very easy to run such a network if every device can pass packets. I'd assert that only a tiny fraction of traffic that a single commlink encounters would actually be for that commlink, rather than traffic to be forwarded. If that capability was integrated into the commlink's central processing duties, it would be a terrible waste of resources, especially when the user wants it for something processor-intensive (like gaming or decrypting or compiling or something). More likely, the router functionality is part of the wireless tranceiver (analogous to a modern computer's network card).

Unless you are maintaining that a subscription list is unlike a modern ACL, then what you propose would not work. The packet in question never even gets looked at, only the network header. Modernly, it reads bytes six through nine (for the source address), and that's it.

Jopp, omae, I could respond to this, but I'd just be repeating every fraggin' thing I've been saying this entire thread, so I'll leave that as an exercise to the reader. And by that, I mean reader, not skimmer.

Also, let us not forget that "hacking" is, among other things, Spoofing and Intercepting (that one was a few posts back). Don't confuse Exploit with hacking.

But that's what I already ... I went over ...

...

*sigh*

Very nice, Jopp. Very succinct. Thanks.

I don't see why not. Logically (meaning within the logical theoretical construct of the Matrix), a drone's Pilot and an Agent are identical, they just control different hardware.

I didn't write the second paragraph of that, so I'm not sure where it came from. Is it part of your response, and accidentally inside the quote-tag?

Actually, I agree with everything you've said here. I didn't intend to suggest that the filtering had to run on the main processor as opposed to a dedicated sub-processor...merely that it has to be done within the commlink itself, SOMEWHERE. It can't rely on a different node to do its filtering for it. And it can't be entirely hard-wired, because you need to be able to configure the contents of the list at run-time.

Only one of these I disagree on is the garage door openers. By design, a garage door receiver is intended to respond to only one or two dedicated transmitters. It's pretty much a perfect example of a subscribed node. Unless you meant a public pay-garage, rather than a home one?

Fixed. Weird, it looked okay in the preview.

I think I'm hung up on the term, "filtering." To call the thing that an ACL or subscription list does "filtering" is somewhat inaccurate, but it occurs to me that such nit-picking (Nim-picking?) doesn't really add anything to the discussion, so I'll shut up about it.

Anyway, my original point was that the packets carrying the Exploit commands/probes/unagi would never reach a place where they could do harm, because it would get discarded before it got that far. It might help to explain that there are actually multiple layers of encapsulation at work in network communications (encapsulated in a spoiler for those who like to skim).

Okay, maybe not garage door openers. Except the public ones, as you say.

It seems to me, that if I'm on its subscription list, I can give the drone commands, and I no longer have to make spoof tests. Am I wrong about this too?

Sort of.

You have to spoof it if you want it to follow a command. All being on the subscription list does for you is not have the drone ignore you out of hand. Once you're on the list, then you can start the Exploit or what have you.

Um ... huh? Are you sure about that?

If "every aspect of encapsulation" is only controlled at the origin, it wouldn't work. Each end of the communication, and every step in between, has to be equally responsible for operating the proper network protocol (both routed and routing) or it don't work. It's like playing a game of telephone, except the players are from all around the world, and the first person is the only one that gets to pick what language will be used; it might work, but it probably won't.

While there doesn't have to be an intermediary between the sender and the receiver, it's faster if you're able to route your message through multiple routes at once. You gain a little bit in speed, and a lot more in security and error-checking.

As far as the trustworthiness of the "outer envelope" is concerned, there are plenty of ways to authenticate an envelope. If you're using encryption, you could encrypt the lower-level headers and then check it against the outer header to validate the whole packet. You could also include encrypted sign-countersign data using something like a one-time pad.

With wireless communication, though, you need encapsulation on both ends. Ever notice how 802.11g is clocked at 54 Mbps but you never even get close to that speed? That's because the best you can get is actually 26 Mbps, because every packet sent requires that the receiver double check that the packet arrived intact, which more or less doubles the traffic required per unit data transmitted.

Meh. Maybe. I think you might be fishing a bit, though.

At this point, probably We've also wandered totally away from actual SR-related topics.

But in a distributed wireless network, if the original sender and the receiver are within range of each other, there /are/ no steps in between, right? Obviously the sender can't grossly violate the protocol, or the packets it's sending will be meaningless. But no trusted (or at least, neutral) third party has encapsulated that message. They could flood you with as many malformed packets as they liked.

If the sender and receiver were far enough away from each other that the packet had to be routed through intermediate nodes, THEN encapsulation might protect you (at first glance) from malicious content.

That's certainly true with wired communication, because the actual throughput on any given intermediary link may be lower than your own maximum rate of transmission. At that point, splitting the message across multiple routes will get the whole message there faster. In a wireless network, though, I don't see how adding addition intermediaries (assuming the sender and receiver are within clear trransmission range of each other) can do anything but slow the process down.

Or am I missing something here? I'm honestly not JUST trying to be difficult.

*slaps forehead* Right. Subscribing is like putting each other on your AIM buddy list. All it means is that the drone can hear you, not that it will listen. This would have been a lot simpler if that had occurred to me a couple of pages sooner. I was thinking that a subscription is the channel the rigger uses to issue commands. I think. It's hard to remember what I was thinking last week. Or the week before.

So...

What does the subscription list have to do with it? When you're spoofing, you don't need to be on it, because you're pretending that you're the guy who is on the list.

And back to my original question: what does it take to give control of the enemy drone to my rigger? Once I've hacked into it, I can transfer command rather easily, I'd imagine. Is it the same for spoofing? This seems like a simple decision, but I'd like to get someone else's opinion.

Assuming a simple protocol, like the sort we use now-a-days, yes, it would be faster. I can think of a few reasons why to purposely send packets via multiple routes on purpose, especially when wireless is a) ubiquitous and b) security-critical.

It comes down to what the drone has been configured to accept as commands. A rigger concerned about security would allow himself to send operational commands, but require higher-level access, Security or Admin, to do anything else, such as give accounts. Ideally, also requiring a passkey, for that added kick.

The long and the short of it is, giving commands is usually enough, at least for a couple of turns, until the rigger sends a command to switch IDs or something like that.

More or less. Again, though, usually by the time you've done all that, your Street Sammie has torn it to shreds, or your magician has managed to beat the 4+ threshhold with a damaging spell, or something.

Null perspiration, omae. Didn't I mention that I teach for a living?