Help - Search - Members - Calendar
Full Version: Hacking the Firewall
Dumpshock Forums > Discussion > Shadowrun
Blog
Ok, there you are running your exploit tools to try and break into a node.

Per RAW each attempt lets the firewall attempt to see you do this, if detected alerts and stuff happen which makes it harder to get on.

However lets say you have another hacker on the node running security, specifically looking for intruders. Do they even get a chance to notice this going on?

If they do get a chance to notice this what options do they have? My biggest concern is can they enguage in cybercombat with the person that has not fully logged into the node.
Jack Kain
Any one else on the node agents included can scan the node. Independently of the base system. Patrolling agents are a part of matrix security they'd travel from node to node on the network and scan for any unauthorized access. Even if you manage to exploit through a firewall of the node a patrolling agent or security hacker could still scan you and trigger the alarms.
Blog
Yes but what about before you have sucessfully broken through the nodes firewall?
ornot
You might as well ask what a node does if it notices someone trying to crack the firewall before they accumulate enough successes to log on. They'll carry out whatever anti-hacking procedure they normally do, be it loading up on scary IC, calling in a couple more security hackers or just shutting the node down.

In similar terms, what does the sec team do in the meat world if they detect the runners before they have actually broken onto the restricted property. They'd keep an eye on them and maybe lay some traps.
Blog
My question was more concerend around the following.

While your attempting to break into the node. Can a security hacker notice this? If so can they enguage in cybercombat or is their only option to put the system on alert untill they actually break in.
ornot
I'd suggest that a hacker can notice a hacker with an analyse program (p226), supplemental to a system's own analyse+firewall test. Although I would rule that said hacker would have to be actively watching for hacking attempts, which would probably only be common practice in sensitive nodes.

It states on p222 that a system that has been alerted increases its effective firewall rating by 4, making further hacking attempts harder. I would suggest that were a hacker to notice the hacking attempt it could alert the system even if the system itself had failed to notice the hacking attempt. I don't think the security hacker could engage in cyber combat until the intruding hacker was actualy present in the node.
Cheops
A standard Matrix Perception test would be needed to spot someone trying to hack the system. The spider couldn't do anything to the hacker yet because he isn't actually on the node. However, the hacker could track the aID and attack him on other nodes if he is very aggressive.
cetiah
Until the hacker has broken into the node (and past the firewall) he cannot be affected by anything in that node. If he could, then all the IC would be outside the node, standing by the firewall, looking for hackers. smile.gif

If the alert was triggered, whoever needs to know about it would be informed automatically. If the hacker was an independant hacker (and not a security hacker) then he would not have been informed, but will likely notice the alert. He will know he wasn't the cause of the alert.

Anyone who examines the logs would instantly see that an intrusion attempt was repelled by the firewall and would have access to the Access ID of the intruder. (A smart hacker would have spoofed it first.)

The hacker trying to get into the node cannot be attacked, traced, analyzed, or anything until he has entered the node. Only his attempted access, the time of the attempted access, and his Access ID can be determined.
Aaron
Let me take a crack at explaining this.

Computing in 2070 is so ubiquitous that it's similar to the ubiquity of buildings nowadays. Let me tell you a story that may have happened when I was a teenager.

So there was this kid who wanted to, for reasons of his own, get into a high school at 02:00. The school had locks and motion sensors at all entrances. He could approach unprepared with his crowbar and enter by breaking a window or pulling open a door, but there was a chance that the motion sensors might pick that up, and he would have been easier to detect by any guard dogs or security guards the place might have. Instead, he took his time to case the building, walking through the public spaces during regular hours, maybe testing a door or window when nobody was looking. Finally, he discovered that he could get in over the fence, across the patio, along a decorative wall, onto an overhang, and in through a window that was never locked. There was a chance with this plan that one of the sensors might pick him up, and he would still have to be careful of any guard dogs or security guards that may be in the building, but he was pretty good at keeping stealthy.

Now, in case the metaphor isn't as transparent as I'd hoped, here's the retelling, with the 2070 update.

So there was this kid who wanted to, for reasons of his own, get into a node at 02:00. The node had a Firewall and an Analyze program running 24/7. He could approach unprepared with his Exploit program and enter by hacking on the fly, but there was a chance that the Analyze program might pick that up, and he would have been easier to detect by any Agents/IC or security hackers the place might have. Instead, he took his time to probe the target, accessing the public areas during regular hours, maybe testing a port or an interface when nobody was looking. Finally, he discovered that he could get in through [some descriptive virtual route that the GM comes up with after the kid comes up with the hits on the Extended Test]. There was a chance with this plan that the Analyze program might pick him up, and he would still have to be careful of any Agents/IC or security hackers that may be in the node, but he had a good Stealth program.

How's that?
ornot
You had guard dogs and security guards at your high school? Scary wink.gif

However, I don't think the OP was asking about the differences between hacking-on-the-fly and probing. I understood that the question was more, "what happens if the hacker alerts the node, or any security hackers or agents within it, before he has accumulated enough successes to break in?" In which case the RAW states that the node goes on alert, its Firewall rating increases by +4, increasing hacking thresholds, and the nodes dice pools to counter the hacker.
Wasabi
In my own games I explain that the Matrix Gateways and subsequent LTG-like areas are their own node, and that you are on a node when hacking in albeit a pretty anonymous node.

There is nothing that says a hacker cant be in both nodes at once specifically for such a purpose although they can only ACT in one node they could passively do Matrix Perception (at -2 although that may not be strictly RAW) and themselves be detected and/or attacked in either node. It does give a higher defense though!
Aaron
QUOTE (ornot)
However, I don't think the OP was asking about the differences between hacking-on-the-fly and probing.

I probably should have summarized.

Extending the metaphor, basically anything the security guards and guard dogs can do in a building, security hackers and Agents/IC can do in a node, including look around, check authorizations, etc.
Lantzer
The way I see it,

The spider can't deal with the intruder until the intruder actually intrudes. Until then a connection has not been established. Mr. Spider just notices a bunch of illegal anonymous access attempts.

So what can he do? If *I* were Mr. Spider, I would:
1) Put the Firewall/system on alert
2) Load up the IC
2.5) Call in my buddies: Spider 2 and Spider 3
3) Jump Mr. Fly with a held action as soon as he gets in.
4) I don't suppose it'd be possible to admit Mr. Fly to a virtual node to keep him busy while we trace him?
hobgoblin
i suspect that unwired will hold rules for your option 4.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012