Full Version: Help protect my nodes
BlueMax
Premise: We are new to SR4 Hackery. As we explore the limits, we hit walls. Some of these walls are in our own minds. There will be errors below, please help ID them.

Notes
* My group has 3 TMs. However, only one of them is interested in Hacking. All three can break most nodes, and the hacker is *nearly* unstoppable.
* This is done with a 400BP and less than 30 karma gained (the only karma impact was the specialization).

How he does it:
* Stealth CF 5, Threaded up to 10 (receive healing)
* Exploit CF 5, Threaded up to 10 (receive healing)[-2 dice... err Threading Spec harder]
* Call down 2 Rating 1 Sprites who owe him an inordinate number of tasks (say >10); have them take over sustaining (recover dice)
* Call down 2 pre-registered Rating 5 Sprites; have them boost Stealth and Exploit to 15
* Attack node with an ungodly number of Dice with the intent of getting an admin account.
* GOT ROOT?

Note: The Assist Sprites are certainly gone and the Sustaining sprites can be thought of as gone too.

From here it's more variable
* Use Deactivate Program on any IC or Agents
* Terminate Connection on Spiders.


Once they have admin, they have the system, right? What can I do?
McAllister
To be perfectly honest, I don't have a lot of experience with what someone can do with an admin account, but I'd love to speculate with you.

For one thing, I reckon you wouldn't need to Spoof commands; anything slaved to the node would take your orders anyway. You could also change the access privileges of any other users on the node, although I have no idea whether or not an admin can demote another admin. Basically... if you've hacked in to get an admin account, the node thinks it's yours. It might have its own protocols in terms of what to do if an alert is called, and I don't know what admin vs. admin combat is like, but for all intents and purposes, once you're in that deep, anyone trying to dig you out (say, a security hacker) is the invader.

But, from a GM point of view, how do you defend against a souped-up T-Mancer probing his way everywhere and adminifying himself? It makes sense to me that the legitimate admin of a node could set it that, if the node detected a new admin, it would kick everyone out, trigger an alert, or just reboot the node. Perhaps you could allow the PC a matrix perception test (threshold of your choosing) to notice the trigger, with a -2 penalty if he doesn't use a free action to Observe in Detail. Then the PC would have to hack in with a normal account, Spoof the trigger to disable it, and hack back in as an Admin. All of this would require him to spend some time in the node, increasing the chance a wandering IC will Analyze him and sound an alarm.

Also, Data Bombs are especially cruel to TMs. One tactic suggested in Unwired is to have a fake hint that seems to lead to a node where lots of sensitive information would be hidden, but just make the node a trap; anyone entering the system is Data Bombed, Black IC'd and otherwise FUBAR'd, because all the people who SHOULD have access to the node have been told about the trap. It's called a honeypot; it's like having a room in your house labeled "All my money and valuables," but whoever opens the door just triggers a bomb and an alarm. Only this is more subtle.
deek
You could always have the node require a physical passkey to authenticate admin actions. That way even if the TM hacked in and had admin privileges, he'd still have to roll hacking (instead of just an action because you have access) and likely the +4 firewall bonus for an alert.

The other thing is that if the spider has his connection terminated, it's not that hard to log back in with a different Access ID and from a different connection. Heck, he may even get a few of his spider buddies to log in as well. If they are all stealthed up, your TM, even if an admin, isn't going to automatically see anyone.

Now the TM does have a high stealth, but once that alarm got triggered, other admins will be able to "see" you. At this point, it's really a matter of cybercombat to see who stays on the top of the "hill".

But, then again, what prevents the spider from giving the server room a call and telling the on-site guy to pull the plug to rack 7 and dump the TM out?

My point to all this is, successful control almost always rests in the fact that you don't alert anyone to your presence, but are able to toggle the right switches or grab the right files to complete whatever job you have. Unless the TM's group also has control of the physical node, then the spider still has the upper hand unless you stay stealthed and don't set off an alert.
BlueMax
OK,
So I feel better about my "play book". Last node had an alchemical passkey and a Rating 5 Databomb. Keep 'em coming!

BlueMax

Tiger Eyes
My GM has pretty much standardized the "Code TM" response. Which means that if I try to dump a Spider and don't knock him out in 1 shot, before he notices me, the spider jacks out and trips the hard-switch for the node. Dumpshock is such a pain! And then the place knows it's been under attack, security everywhere ramps up, and we end up calling off the job. Even with massive amounts of threading and sprite Assist Operation, I'm at about a 1:3 ratio for knocking out the spider without tripping an alarm. (Learned the hard way that killing a spider gets noticed really, really fast, and the other security personnel have all sorts of nasty things they do when they get the spider's "DEAD" ping from his biometric tag.) Yeah, spiders are the bane of my TM's life.

And, yes. SR4A made data bombs into Death To Technomancers. Grr. (I hear Aaron chortling from here.)

And you can always have the security protocol not allow Admin accounts to be deleted except via a hardware connection. No dumping the spider. And are you having the access logs reviewed? A databomb on the access logs is particularly fun. Er. To a GM, that is. (again, speaking from painful experience.... always roll Matrix Perception before accessing Access Logs... ouch)

And don't forget, some corps will have technomancers and/or sprites patrolling the node (Horizon and Evo come to mind). Heck, why not put a grumpy free sprite in the node. They could get rather territorial.


Heath Robinson
Your spider gets word that a notorious Hacker systematically unloads any Agents on the systems they hack and keeps a subscribed Agent on their important nodes to alert them when they've been hacked. Then they powercycle the machine.

Hey, the Agent isn't doing anything. Your player's fault for not smelling a rat... or a smart Spider.
BlueMax
QUOTE (Tiger Eyes @ Jun 26 2009, 02:49 PM)
And don't forget, some corps will have technomancers and/or sprites patrolling the node (Horizon and Evo come to mind). Heck, why not put a grumpy free sprite in the node. They could get rather territorial.


Our campaign, Epiphenomenal, is currently in 2068 (or 9) and even two of the TMs don't understand who or what they are yet. The big time hacker is/was/will always be an Otaku. Or a Hack-no-tacku as we call him. Thus, I am trying to minimize the number of TMs... for a bit.

The campaign uses some of the material in one of the campaign books {shh they don't know which} and they are about to head to Hong Kong to look for (lost love) the face's daughter. I bet you can figure out which hospital.


Thanks for the suggestions about needing to hit the Spider hard as this will give him cause to bring in the other two.

BlueMax
BlueMax
QUOTE (Heath Robinson @ Jun 26 2009, 02:54 PM)
Your spider gets word that a notorious Hacker systematically unloads any Agents on the systems they hack and keeps a subscribed Agent on their important nodes to alert them when they've been hacked. Then they powercycle the machine.

Hey, the Agent isn't doing anything. Your player's fault for not smelling a rat... or a smart Spider.


I like it.

My assumption is that if the Agent just crashed, the Spider should not just power cycle the node but investigate. If these are important nodes, they need 5 nines of uptime, correct?

BlueMax
/or at least 3
Telion
At least encrypt the access log and possibly the node for extra challenges. Then toss the data bomb on the access log as well.
Dumpshock Forums © 2001-2012