Charon
Dec 18 2006, 07:31 AM
I bet I'll seem slow on the uptake to those who thought about this before but I only had a Hacker in my campaign for 6 or 7 sessions (about half my first campaign) so I haven't thought all that much about every Matrix issue yet.
The text on p 212 : Linking and subscribing states that you can link a wireless device in such a way that only that device can access it, usually the commlink.
It forces an eventual hacker to hack the commlink before hacking the subscribed device. Best way to put it is that the device is a slave to the commlink and can't accept any command that doesn't come from it.
Well, then you could link and subscribe many commlinks to just one.
For example, the Street Sam, the Adept, the Mage and the Faceman, who are usually the fab four of matrix security cluelessness, can all link and subscribe their commlink to the commlink of the Hacker.
The Hacker then becomes the Gatekeeper. To get through the team's commlinks and various devices, you need to hack the Hacker's commlink. Which is presumably the commlink with the toughest security and the only one that is defended by a PC who knows cybercombat.
I'm sure this would look weird in everyday life. Like the cops are looking up the street sam's ID but get denied because they need to go through the Hacker's commlink...
But in commando mode, it makes total sense.
Has anyone thought of/used this setup? Any thoughts on whether it's legal (seems to be) and what it could imply?
For one thing you better trust your hacker because any communication will go through his Commlink! If that guy turns Judas... But otherwise it looks like it would tremendously improve the comm-security of the team.
mfb
Dec 18 2006, 07:42 AM
definitely not legal in any area that requires your commlink to be open. i don't think it'd be all that useful; all an enemy hacker has to do is spoof commands (assuming you interpret spoof to not be limited to drones), since your commlink is within wireless range of any number of devices that he can transmit from. it'd give him an extra step, i suppose, but don't think you'll be hacker-proof or anything.
Charon
Dec 18 2006, 07:57 AM
QUOTE (mfb @ Dec 18 2006, 02:42 AM) |
definitely not legal in any area that requires your commlink to be open.
|
Of course not.
I'm sure you understood that when I said "Is it legal?" I meant rule-wise but I'll clarify it nonetheless.
As my example with cops trying to check your ID demonstrated, you can't be doing that while trying to pass for a civilian.
QUOTE |
i don't think it'd be all that useful; all an enemy hacker has to do is spoof commands (assuming you interpret spoof to not be limited to drones) |
Spoof is for agents and drones. And if my setup is legal, the enemy Hacker must first hack the Hacker's commlink, which is the Master node of the network so to speak and in charge of the other commlinks according to the passage I mentioned.
Then he can start either hacking the other commlinks or perhaps directly spoof them since it can be argued that as slaves of the Hacker's commlink they would be accepting commands and therefore behave much like a drone.
But it still leaves them far safer than if the enemy Hacker could target them directly because these guys who own these commlinks mostly know squat about cybercombat and hacking so couldn't do anything to stop the attack anyway. But that way their Hacker can attempt to cover for them.
It's the virtual equivalent of the Hacker hiding behind the Street Samurai when a troll growls at him.
mfb
Dec 18 2006, 08:34 AM
my bad. i don't use the SR4 rules often, so i'm a bit rusty with them. it's not spoof, it's just regular hacking.
the problem is, even though your commlink is only supposed to accept traffic from your hacker's commlink, the most basic function of a hacker is to convince computers that he's someone else--such as, say, your hacker. he'd first try to detect your commlink (we can assume it's in hidden mode) with electronic warfare, and from then on it's just regular hacking--hacking+exploit vs firewall(1).
basically, your commlink is set up to only accept traffic from Harry the Hacker. if Edgar the Enemy succeeds at the hacking test, he's fooling your commlink into thinking that he--Edgar--is Harry the Hacker. subscribing a device to a commlink only limits legitimate access to that device. if your device is able to send and receive, it is able to be hacked, even if it's subscribed. that's what hacking is.
laughingowl
Dec 18 2006, 08:50 AM
QUOTE |
What does subscribing/slaving a device mean, in terms of access/hacking? If a device is subscribed to someone else's commlink, can you hack/spoof that device directly, or do you need to hack the commlink first? If a group of devices were subscribed in a daisy-chain together, could you hack the last device directly, or would you need to hack them all in successive order?
The act of subscribing is merely the act of creating and maintaining a connection between two nodes. Subscribing does not automatically grant access to a node (unless it happens to be a public all-access node) -- that is the purview of accounts. Subscribing is essentially the "handshake" that occurs between two nodes, a protocol check and very basic form of authentication so that each node knows it's connecting with the right other node.
Slaving isn't really covered in the basic rules (you'll see more about this in Unwired), but it essentially counts as instructing one node to only communicate and take orders from another node (or nodes). The instruction to slave a node can only come from someone with admin privileges.
In the basic rules, subscribing and slaving have no effect on hacking or spoofing commands. The act of hacking and/or spoofing is presumed to incorporate an impersonation of a legitimate connection (that's why you need a successful Matrix Perception Test before you can spoof a command). You will likely see an advanced/optional rule in Unwired that makes hacking/spoofing a slaved node trickier.
This means that even if multiple nodes are daisy-chained together, each subscribed or slaved to the next, you don't need to hack/spoof them all in order to hack/spoof the last one -- you can go straight to the last node and attempt to hack/spoof it.
Note that if a node that has other nodes slaved to it (we'll call this the master node) is hacked, then the hacker has open access to the slaved nodes as well (i.e., he does not need to hack them). |
From the FAQ:
Subscribing doesn't do anything really besides allow the other node established access.
"This means that even if multiple nodes are daisy-chained together, each subscribed or slaved to the next, you don't need to hack/spoof them all in order to hack/spoof the last one -- you can go straight to the last node and attempt to hack/spoof it."
So policy/whatever could still query the 'mage's' comm directly.
However what it DOES allow... is the top-end agent(s) running on the Hacker comm can be scanning the rest of the team's comms for intruders.
So if you wanted to be truly paranoid.
Party comms: whatever rating they can afford / need.
Hacker's 'watcher' comm (NOT his 'ID' comm): Passive mode (so still 'legal' but not easily seen). Subscribed to all of the party's comms. Loaded with agents watching / scanning / patrolling all the subscribed comms. (good security, though still potential to be hacked since wireless enabled) (dangerous if hacked since linked to all the comms).
With data storage being 'unlimited' Watcher comm could also make 'backup' copies of the subscribed comms / data / programs (system check point) to help if somebody does get in to revert any changes they do.
Hacker 'over-watch' comm. Wireless DISABLED. Hardwired to hacker's 'watcher' comm. Loaded with agents. Scanning the 'watcher' comm for any signs of trouble. Sends one-way signal (transmitter but no receiver) if it detects anything suspicious on the 'watcher' comm.
This should definitely be making archival copies of the 'watcher' comm and possibly periodic copies of the 'watcher's' backups of the subscribed comms.
The normal 'comms' are prone to be hacked just like any other. But unless somebody knows to look and intercepts the wireless traffic to the watcher comm, the watcher comm is likely going to notice somebody trying / doing anything on the normal comms.
If somebody does notice and manages to get into the reasonably hardened watcher comm, they have no way of knowing of the over-watcher comm until inside the watcher and will likely be taken by surprise and/or noticed.
No way to access the over-watcher save from the 'watcher' so if the over-watcher is a better comm / programs, anyone working from the 'watcher' node is going to be at system/response limits working against higher rated programs on the over-watch.
The Jopp
Dec 18 2006, 08:51 AM
Hacking daisy-chained commlinks that are connected through subscription only requires a spoof command since it affects all subscribed items.
There is a better way – Legal Access.
Commlink 1 is your hacking commlink
Commlink 2 is your “firewall” commlink/router.
Use a password and/or linked password to gain access to commlink2 with commlink 1.
This means that you are allowed to access the “firewall” and ONLY use it to gain access to the matrix, you cannot upload programs or use it unless you subscribe it.
As soon as it is subscribed to you it can be spoofed and destroys the entire “safe” commlink setup.
Anyone trying to track or hack you must first hack through the firewall.
Sadly the spoofing FAQ has made spoofing the ultimate commlink stealing tool as you can do ANYTHING, such as switching the subscriber list for example.
Serbitar
Dec 18 2006, 09:42 AM
I would allow spoofing only for access IDs and commands to agents.
The Jopp
Dec 18 2006, 09:58 AM
QUOTE (Serbitar) |
I would allow spoofing only for access IDs and commands to agents. |
I'm going over this with one of my GMs and I want to limit Spoofing to Agents and Pilot programs.
This way you Spoof drones and Hack commlinks.
laughingowl
Dec 18 2006, 10:26 AM
First there is no need to 'spoof'; as mentioned in the FAQ, 'subscribed' is just 'connection established' (TCP three-way handshake).
QUOTE |
The act of subscribing is merely the act of creating and maintaining a connection between two nodes. Subscribing does not automatically grant access to a node (unless it happens to be a public all-access node) -- that is the purview of accounts. Subscribing is essentially the "handshake" that occurs between two nodes, a protocol check and very basic form of authentication so that each node knows it's connecting with the right other node.
Slaving isn't really covered in the basic rules (you'll see more about this in Unwired), but it essentially counts as instructing one node to only communicate and take orders from another node (or nodes). The instruction to slave a node can only come from someone with admin privileges. |
So until Unwired, there aren't rules for 'slave' nodes and subscribed just means a connection is established.
Furthermore, either way (from what I can read, even for 'slave' nodes once rules are out), spoofing is valid for any means of communication, since it is exactly what its name implies: you are pretending to be the other guy.
So while house ruling 'slave' nodes is fairly easy (IMO) until Unwired comes out, Spoofing is exactly the intended method of breaking a slave node.
Now perhaps Unwired will give us optional rules for 'multiple interfaces' and/or restricting by interface.
(I.E. nobody but 'users' access allowed FROM the wireless interface, Admin has to come from the hardwired cable, etc.....)
Charon
Dec 18 2006, 01:17 PM
I see. So I'm guessing that when they wrote "anyone that wants to interact with your PAN must connect to your commlink first" on p.212 they didn't really mean anyone. They just meant normal users who don't hack.
Ain't gonna argue with the FAQ : It's quite explicit. My idea doesn't work as envisioned.
I'm eager to see rules for real slave nodes to see if it changes anything.
I wonder if it could afford the team's Hacker some edge in noticing that one of his teammates' commlinks is being hacked, though.
And surely the Team Hacker could immediately engage in cybercombat any enemy Hacker that has been detected on a buddy's commlink since in effect the enemy hacker is on his PAN if his buddies' commlinks are subscribed to his.
knasser
Dec 18 2006, 02:11 PM
Actually your idea does have merit. It doesn't force a hacker to go through the gateway commlink to get at the rest of the team's, but it will hinder him for other reasons. Firstly, if the rest of the team's commlinks are all subscribed to the team hacker's, then they can all operate in hidden mode. This doesn't stop another hacker from spoofing commands or trying to reach them directly, but hidden mode does force an initial Scan + Electronic Warfare (4) test which can actually keep out the average corporate hacker (note that it's not an extended test). This is on pg. 225 of SR4.
LaughingOwl also beat me to it on suggesting a local agent. This is a seriously good investment as by chaining your commlinks together, you create a little local network that the agent can zip around in tirelessly. If you have a five man team, that's an inspection of each commlink every ten matrix initiative passes. Not bad. Even better, you can have the agent subscribed to multiple nodes at once. This is very bad if you think you're going to be attacked in more than one node, but in the scenario of a single hacker breaking into the team's network, then it's not a problem and allows instant response.
Finally, a node need not be a single device, but can, per the rules, be a network. There might be some restrictions on this, but in theory, I don't see why a hacker cannot set up the team's commlinks as a single node. After all, it works for other types of devices such as a drone squad. In this case, your agent or IC sits in one node defending all of them.
Hope this is of some use,
-K.
ixombie
Dec 18 2006, 04:10 PM
If my PAN includes my jacket, my gun, my smartgoggles etc, then the p.212 statement is accurate more or less. Those things all have a signal 0, so you can't hack them without going through my commlink or getting close enough to me that I might notice you following me.
RunnerPaul
Dec 18 2006, 05:34 PM
QUOTE (ixombie @ Dec 18 2006, 11:10 AM) |
Those things all have a signal 0, so you can't hack them without going through my commlink or getting close enough to me that I might notice you following me. |
Assuming you're standing on flat, solid ground, Signal 0 gives you a hemisphere 56 1/2 cubic meters in volume that you're vulnerable to. That's a lot of space to hide a single MCT Fly-Spy drone in, which is all someone would need if they didn't mind hacking you through a drone that was acting as a re-transmitter.
Just sayin'.
mfb
Dec 18 2006, 06:34 PM
indeed. that's why you turn the wireless link off on items like that, and just use skinlink.
Charon
Dec 18 2006, 06:59 PM
QUOTE (knasser) |
Hope this is of some use,
-K. |
Yeah, that sounds pretty cool in fact.