The thread about Agents has reminded me of something I've been working on for a while.

Why would you waste vast amounts of money and hardware resources on IC that you very rarely need?

Particularly small businesses and nodes that aren't major security risks can't afford the hardware and software to respond effectively to any attack they might detect.

So why not contract it out to the likes of Lone Star?

Have a system set up with Optimized Analyse and a decent Firewall and if you can afford it a resident Agent with Optimized Analyse and the Homeground Autosoft. The ARC contacts contracted security should anything untoward be detected.

Lone Star or Knight Errant virtual security services run huge banks of Nexuses. My personal opinion is that Response 3, Processor Limit 15 is the most efficient hardware platform. You can run two fully loaded Rating 6 Agents on that hardware for only 2250 .

You can split your Agents into several roles. A Patrol moves from Node to Node in the network to be protected in groups of 3 that co-operate to Analyse the Node for intruders and raise an Alert when they are detected. Trackers can immediately begin to trace the origin of the attack while teams of SWAT IC configured to combat either Agents or Personas log in to the node remotely. Attacking Agents can be Nuked into inactivity allowing Trackers time to do their work while Black IC can keep Personas logged in and deliver Psychotropic elements that make an Attacker easy to capture should the Trackers fail to track his physical location.

Prices can vary depending on security level, number of attacks, regularity of Patrols and level of response required.

I'm thinking I could do up several response profiles that match the Professional Ratings of NPC security.

Any thoughts?

Sounds like a workable system.

First trick for the attacking hacker would probably be to look for and erase any typical hired security accounts, so as to buy time...

Still, i guess that the sec corps could offer a on-site package, where they bring in their own hardware and wire that up to the network. Said hardware is maintained by a supplied spider on contract.

agents travel from node to node by loggin into that node. it doesn't matter what hardware lone star has, it matters what hardware the node they're in has. if you want them to be based from a 'home node' you need to send them out with an actual persona.

?

I'm not sure half of that even means anything.

Agents and IC as not limited to acting in the node they are running on.

Agents and IC derive their attributes and limits from the hardware they are running on.

I refer the honourable gentleman to the debate in the Agent thread currently active.

Unless Fourth Edition A has changed something really major when it comes to Agents then no, they do have to log onto the Node that they are running on, otherwise you have to assume that Decking is nearly impossible since the corps will simply frontload their checkpoints with hundreds of Agents that are run on seperate servers.

Also something to remember when hiring your security to outsiders, sure it may be cheaper but do you really want to give all of your sensitive and valuable data to someone else?

That's actually covered in one of the fluff sections in VR2.0. Corps that hire other corps to do their security especially the ones that hire megas like Renraku trust the other corps to not commit marketing suicide. That's not to say a security firm would never do matrix espionage on a client but the payoff would have to be so rediculously huge to A) outweigh the risk to their reputation and therefore bottom line B) Outweigh the risk of a lawsuit before the corproate court

Yeah, there's a problem w/ the concept... it's an advantage to an actual decker security spider, that all his apps run on his local commlink/nexus and move w/ his icon.

Agents though when they move... they literally move... them and all programs loaded into them transport to the target node and suffer from the response degradation and such of the new node.

IIRC: this was actually a problem w/ rigging AI's in that they didn't rig the remote node... but they jumped into it taking the place of it's autopilot so if the drone died... the AI was trapped in it and died. The AI can't suffer 'dumpshock' but acts as an agent in that regard.

Meh, only if it can be traced back to the corp providing security, sure it probably doesn't happen often, but I'm sure that it happens often enough that the corps have to weigh their options. Either way it doesn't work with IC, just Security Deckers/Spiders.

This is incorrect.

When an Agent accesses a new node only it's Icon moves.

If it loads itself onto a new node it, all it's code and all it's programs move.

I refer the honourable gentlebeing to the answer I gave earlier in the thread and to the ongoing Agent thread elsewhere in this forum.

You DO realize that the idea you are pushing does nothing for the game except cause problems right?

Ravor... there's no arguing against people like this. They're convinced they're correct, despite all the other books which say otherwise.

They don't understand why people don't like the concept of having an agent smith army of thousands (well the subscription limit) of icon agents descend on them. (as that's the logical extension of what he suggests). At that point, mutually assured destruction means, that you need to flood the node w/ your own friendly icons before the other guy does it...

The only thing to do is point out the problem and logical result of his assertion. Then point out that actual decker security spiders already provide this service in the book, and while they run agents, they don't use them like this because of those limitations which stop agents from going from usefull to uber.

I'll thank you to keep this civil and the debate about whether or not an Agent can access a Node without being loaded onto it in the other thread.

I'm with crizh on this, and I think its fallacious to claim we're saying it because we want to break the game. I play bi-weekly for fun and have no intention screwing that up. Let me be clear and say I like this game and its rules.

First, please don't claim what other people do and don't understand. What you assert here contains it's own answer..The limitation on multiple independent agents is the subscription limit as under the rules in Unwired, subscription limits the response exactly the same as processing limits (system x2 /system respectively). Processing limit stops you running too many on a given node, subscription limits how many you can reasonably command from remote nodes or how many can Log On to a system. This limitation even applies to spiders and security specialists, as otherwise nothing would stop a big corporation from sending in 50 matrix response personnel either.

But what is really RUNNING the program? The node that the agent originates from. If what you say was to be taken at face value, you break far more of the system than by allowing it, because imagine if I could crash a node simply by sending my agents to log on it via a legit account. 3 agents (with separate access ID's) with a 3-4 program payload can crash anything not military grade or serious R&D (as that is 12-15 processing items rather than 3 subscriptions). How odd that personas don't do the same thing when they Log On, but do take up a subscription.

By virtue of access they've overwhelmed the node you claim is now supporting them. Who needs cybercombat? Also, since by nature of them having to copy over each time, all agents would need Admin (or at least security) access in every case, as allowing them to crash such a node with user access means lets just forget hackers all together. And would that just be a Log On action, or wouldn't they have to perform a Transfer Data action to actually copy themselves?. And how could they Transfer Data before they Log On, and how can they Log On without a Transfer Data? Don't forget they still need to Log Off somewhere too. Are you combining these magically into one action for agents only to Log On?

Better hope every agent has the Edit program too since nothing can be done without the proper program.

As final food for thought, only agents with copy protection cracked would be able to "copy" themselves, so how do legitimate agents do anything at all other than defend the node they're run in? See how it starts to stretch? Loading an agent into a node is completely different than a Log On Agent action into a system. It should work exactly like a Persona.

Even items like Fetch Modules would be meaningless in your interpertation. Why have an alternate module to run a browse agent, without hurting your system resources if the moment it connected on your commlink it would drain on your processing limit along with the Browse program it was running? (note a fetch module specifically uses a subscription and no processing limit).

Spiders and riggers are used not because they can benefit from a separate system when agents can't (and how would that make sense considering they use the same hardware to connect), but because Agents are limited and unreliable. After a certain point, the resources spent on redudancy could be better invested elsewhere in security. The likelyhood of mass agents is the same as mass drones. Each agent would have to have an individual access ID purchased separately (or individually patched). So if you're assuming every corp would just build an agent army, you also assume every corp has the flying cloud of drone doom numbering in equal amounts (which they probably do, but the chances of them sending them all to the same location is ludicrous).


================================================================

To answer the OP and I apologize for the spill over and will gladly remove the above at your request.

I think matrix security outfits exist in both corporate level, and underworld level systems. The idea of Matrix protection (and the flip side of extortion) is evident enough to consider it more on the common side of things. The fact you can rent botnets infers the reverse, you can rent security. Hard reality though, relying on only agents for matrix security is like relying on only drones for physical security. Too easy to bypass without the human overwatch, and the Matrix is BIG. So there has to be numerous outfits dealing with Matrix security and even troubleshooting services.

I doubt they ever enter AA or above status, as no corp big enough to give them that kind of pull is going to outsource something as important as matrix security to another corporation. Least that's my opinion anyway. Since every corp therefore would maintain its own division, and probably outsource to businesses and definitely citizens in its enclave, its safe to assume the competition to the average "start up" is as fiece as it is limiting.

And maintaining a large number of agents requires lots of nodes, and subscriptions. Because ideally you would want max one agent per node to handle any decent payload. Counting subscriptions and cost as limitations, there is a limit to the number of customers you could ideally support. Reaction times would suffer and the ARC at best could put in an alert. I see this as the difference between calling Lone Star or having on site security. Its beneficial to have your own guys to respond quickly, but it's easier on the resources to outsource.

Actually I don't really have a problem with Denial of Service attacks and would imagine that most nodes would be programed to simply cycle the wireless once it's rating started to drop due to program load thus keeping any hostile Decekers at bay.

What does "cycle the wireless" mean? Is it like restarting the node? I'd actually been wondering feasible turning the wireless off and then back on would be as a countermeasure against hackers. Where, if anywhere, is this described?

I know DDoS attacks are described in Unwired, but I read "VPN" and "botnet," and I decided I'd ignore it unless it came up in a game.

Along with all legitimate users. The hacker can just wait for the wireless to come back on and repeat as needed (or set his botnet to do the same) and still get the effect of a DoS.

McAllister yeah basically, and the end result is that anyone logged into the node via an outside connection gets a nasty case of dumpshock.

toolbox so? I never said it was a perfect solution, but it is better for the setting then allowing people to load a bunch of Agents onto seperate servers and then have them all waiting to gangrape a single node.

The legitimate users will be fine, 5S is just a headache. I mean, they're supposed to be running cold sim, right?

That would work but it takes a long time to reboot or crash a Node.

In that time a Hacker can do a lot of damage or can log off and avoid dumpshock.

It's even a potential attack form. Come in with Admin, spoof a new Access ID for the Node and reboot it. When it comes back up it'll be at a new address and the only way for the legitimate owner to fix it will be to physically pull the plug.

Unwired specifically allows DDoS attacks, which is what you're talking about here (and you said you didn't have a problem with them). All I'm saying is that, in practical terms, your idea isn't a solution at all; whether or not you cycle the wireless, the hacker's antics are still blocking legitimate access to it, which is the whole point of a DDoS attack.

I'll throw that "so?" right back at you. Yeah, you can cycle the wireless. So? What's the practical benefit?

Me either! But DOS attacks are caused by altering or flooding the subscription list, not running programs on their node to crash it. Even the action as described in Unwired talks about he subscription lists. Also, DDOS are more about flooding the node with requests rather than actually logging on.

Now a couple of things regarding my earlier post. One, a correction, Unwired states that an agent Moving does not have to have copy protection broken as it deletes itself from the previous node. But bear in mind that this distinction is made in the same section that notes an agent can access (or Log On) to a node without copying or loading onto it.

Cycling the node (read reboot), spoofing the nodes access ID to terminate all connections, editing/refining the subscription list are all viable methods to resist or stop a DDOS attack. Cycling the node is the least useful, because if we're talking about botnets, they will take up the attack as soon as the node comes back online.

Second clarification, subscription as the limitation is more important, as that is system x 2 before response degredation, where as the processing limit is only system per response decrease.

An agent with a decent payload can count as 5 in the processor load, but still only 1 subscription. So a device rating 3 can easily be flooded by 3 agents with 4 programs. They would have a load of 5 apiece x 3 agents is a processing load of 15, or -5 to response and a crashed node. As subscriptions, they represent only HALF of the allowance and no response decrease.

It takes more than a few bots/agents to crash a node via it's subscription list (edit: by Log On, not just DDOS which is System x 4 per response). Max processing limit before response is 0 on the example device (rating 3) is...9, Max subscriptions before crashing the same node is actually 18-19. The math is important.

crizh no, in an emergecy all it takes is to pull the power, so I'd say one simple or maybe a complex action.

toolbox it dumps any Deckers that are in the system, and keeps your data safe, albeit offline. The DoS attack itself works.

Ok, but data access isn't the point of a DoS attack. At all. There are several other ways to do that. So if someone's flooding your node with agents, turning off your wireless is just doing his job for him.

Assuming you are physically proximate to the node in question. This is quite often not the case.

Try doing that with an iPhone....

Actually it's very easy to dumpshock people from a system.

Just have it go into 'autistic' mode to borrow the GitS term. (turn off it's signal, not necessarily turn off the device). It's a quick and dirty action to change that on the fly. Node I'm in just changed it's signal from 6 to 0... *dump*.

Agents don't suffer dumpshock. Only those in VR (hot or cold) do... so someone using AR can't be dumpshocked.


As far as the rest... crizh... I never said anything in bad faith (or made an ad hominem). I'm simply pointing out you won't entertain any arguments against your rule, despite the fact it was written BEFORE rules DIRECTLY CONTRADICTING it were written. (and I'll point out that phrase was ADDED in 4A and wasn't in BBB). Your mind is closed... hence why I said it's not worth the time to argue against you. Only point out the potential for abuse this opens up, so others can make up their own minds. Translation: you're no longer the target audience of the message.

Wiseman:
Here's the problem w/ your assertion... an agents AccessID can be spoofed by the decker when it's loaded into a node... so you can make multiple copies of the agent w/o cracking it already.

Now the only problem is finding hardware to run them (either wittingly or unwittingly). And when everything is a device.. that's not a very high bar... especially once you add in the optional rules and software mods such as optomized... (yeah this program is ergonic and optomized... so it's rating 5 or 6 and I got a bunch of things loaded into the agent).

You seem to understand the rules for making DDoS and bot armies... the above quickly works for agents as well.

Actually no, that is in the errata for Unwired and that line has been removed. The only way to change the agents hardcoded access ID is by patching: Logic + Software (rating x3, 1 week) extended test.

But, to continue correcting myself (sorry guys), my "math" was wrong above, the response degredation for subscription limit is 1 per subscription over the max. So in the example, it would also equal..9.

But this thread has been totally hijacked at this point and we probably should move the discussion into a new and final thread, and lets really get all the points of view out as i'm open to changing my mind. I just don't see the doom you see by allowing multiple connections for agent programs (without now running on the node they accessed). Subscription limits them just as well for the feasibiliy of remote IC/Agents, and processing limit prevents running too many in the node itself.

First, if you can't see why the phrase 'some people' raises the hackles you need to take a long time-out from the internet.

Second, I am always willing to entertain argument and I am one of the few willing to admit to error, I might be blunt and tenacious but I won't support a position if you can convince me that I am wrong.

Third, as you can't be arsed to continue this debate where you were asked to and are conveniently ignoring what I had to say there, I will repeat it here. Put up or shut up.


----



Unwired p110



Is that clear enough for you all?

Until I see errata explicitly contradicting this I ain't interested in any further argument on the subject.

That is the RAW.

The text in SR4A is cludgey and does not explicitly contradict the above. If you infer it's effects to their logical idiocy you find that the above quote cannot be true.

It's not a difficult leap of the imagination to infer therefore that the text the OP quoted is just poorly written by someone with an incomplete grasp of it's ramifications and that it will be errata'd in due course.

Certainly less of a leap of imagination than it takes to assume that it overrides the explicit rules in Unwired.

Perhaps Aaron or Tiger Eyes might like to jump in here?