Is there a prohibition against stacking commlinks and treeing them off each other?

For instance, could you route your Matrix browsing through two commlinks with rating 6 firewalls to force a hacker to get through two firewalls instead of one?

Also, could you route a Technomancer's signal through a commlink for extra protection?

The short answer is, you can't. The way the matrix 2.0 works, it doesn't really matter what's in between. Technically, your matrix connection is already being routed through any number of other commlinks and nexi.

The long answer is, you can come up with tricky reasons and convince your GM; the matrix rules are very shaky, so there's lots of room to push.

A TM's bionode is already unhackable.

Not according to Unwired (pg 135)

Except by another tm or a sprite

Unwired does have rules or bits in there about proxys

So what you are looking to do is use two commlinks as proxies, best not to have them on the character though (and I would slap an agent/sprite in them to watch over things... make yer own glacier)

There was something in Unwired about going through corporate nodes/satellites such that anyone trying to trace you would either have to hack the other corporation or call them up and get permission (good luck).

Actually there, Yerameyahu, Proxies are the way to go if you are going to do that... it may impact your reesponse a bit (-1 per Proxy) but your tracing stops at the proxy, not at your comlink...

Another way to do that by the rules is to Subscribe multiple Nodes (Individual Comlinks) to a Master Node with no SIgnal range but DNI connections to teh other Nodes (DO NOT Slave them, but Subscribe them)... and then initiate your Hacking attempts from the Subscribed Node/s (Much like a layered network in a way)... Example: Primary Node has 3 Subscribed Nodes (Call them A, B, and C)... I initiate my Hacking from any Node (A, B, or C), it does not really matter which, and proceed from there... to hit your primary node, they must hit one of your outer nodes first (The one you are hacking from obviously, as they are the only ones with a Signal out), and then they must move from the outer node to the inner node to hit your Primary Node and its other subscriptions. Layered Systems work from comlinks just as well as they work from Nexi... The benefit to the layered protocols is that you can employ security on each layered node to protect the next inner layer... makes it very difficult for the Opponent to actually do anything to you quickly, and may eliminate them before they ever reach the central node. Another benefit is that you can have each Node with it's own number of Subscriptions available; you may have to scroll through them by Node, but you can have large amounts of active subscriptions (Assumming that you need large amounts of subscriptions for some reason)...

As for a Bionode... someone already answered that one as well... TM's can hack other TM's Bionodes...

Dig it, thanks for the Proxy thing.

I'm not sure this 'subscribe and initiate hacking from there' is a real thing, though. Is there a page number? Because that's exactly what I was talking about. If it's not a Proxy, what exactly are you doing?

It is no different than a Sytem layered within another system... they talk about such things in unwired a bit. You have a Signal Point into the Matrix (Call it Node A)... Node A connects to its controller (Node B), which is a simple little device that routes information from the inner Network to the outer network, so does not really do much but provide a chokepoint (Which can of course be protected by ICE and Programs like any node)... Node B connects to Node C (Which is a subsystem within the building for distributing connections to the Important Data Server - Node D, and Terminal Users (Nodes G1-G100)... Node C is also Protected like any Node... Now for simplicity sake, we hit Node D the, Memory Core that Matters to your attempted Hack (Also Protected)...

Now, to get to Node D You MUST go through all the nodes previous, so you hit A, hack it, subborn it and then to Node B, then to Node C, and Finally to Node D (you really did not need to acces nodes G1-G100 as they are irrelevant for the example). Node D is where the Data is that will give you the keys to the Large Payout... you cannot get to Node D Directly from the Matrix, it is impossible because it only connects to Node C (of course, you could gain physical access and use Nodes G1-G100, or search until you found Node D physically, but for this example, you are on the network from the Matrix)... now Node C only connects to Node B, and so on...

Pretty simplistic example, so I do apologize. Make Sense?

Anyways, you can do the same with Comlinks, assuming you want to take the time, effort, and resources to do so.

And doing *that* doesn't cost you Response? :/ That hardly seems fair.

Anyway, the reason this seems so odd to me is that routing is the whole point of the matrix. Your connection to Tokyo goes through possibly hundreds of nodes automatically, whoosh. You can't turn off the Matrix 2.0 automesh even if you want to, I thought. It's not like there's a point where you connect to 'The Matrix'; the entire route is the Matrix.

Does not cost response at all... you're not using a Proxy, and the only link that matters initially is the one you are hacking with (Node A in this case)...

Anyways...

Totally unfair, then. How is a Proxy different?

Not unfair at all... it is a layered system...

A Proxy is more of a redirect that terminates at the Proxy rather than the originating Node... You stop at the Proxy, regardless if there are layers beneath that or not... which is why it is so useful... a layered system that does not use a proxy would be susceptible throughout the system... and I also forgot... Each Proxy Server you use to route your communications imposes a +4 Threshold on being Tracked as well.

You could setup the example I provided as a Proxy (at Node A) if you wanted to do so, and it would work just fine, with a little Response degradation if G1-G100 tried to do anything outside of the Proxy (-1 Response). You would not be able to penetrate the system any further than Node A

They are different system layouts with pros and cons to each version... with a Proxy Setup, you have no other choice but to hack the site behind the Proxy (assuming that you could actually identify it at all, which is why they are very useful); while the Layered (non-Proxy) option means that you would eventually (Probably) penetrate to the areas that you needed, given time... but that is what it takes, Time, and that is something that you may not have...

They are both valid ways of securing a system/node.

Sure, but where exactly is the con for the layers?

Huh?

Pros and cons? There have to be pros and cons. All I see are pros: massively multiplied hacking resistance, no penalty.

You canot totally secure it without taking other steps... it is vulnerable, though with effort... and it is costly, as you must purchase the individual nodes seperately... for example, If my Comlink setup costs 40,000 Nuyen (Not to outrageous with all the various options, I actually created one that ran closer to 70,000 once... Hell, Just baseline 6's cost a fair amount... 8,000 for Response, 3,000 for Signal, 3,000 for System, and 3,000 for Firewall is starting at 17,000 Nuyen alone... adding response enhancers and other high end options rapidly increases the costs of such a Comlink... Nexi are even worse for high end ones), would run me a cool 160,000 Nuyen for the simple system I described, without any software/agents to manage it.

Starting Characters will not be able to afford a top of the line Cyberlogician Comlink Setup (Multiple High-End Comlinks configured for maximum efficiency)... it is way beyond their means...

Layering is generally a pretty efficient method for securing a system... it increases the time to penetrate it. Other methods add complexity and cost, and of course, you can mix and match for even more Matrix Security Goodness...

So, a little extra cost. You don't *need* signal or response enhancers or anything, they're just walls. That's laaame sauce. 14k¥ per 100% increase in defense time, plus IC (pirated, copy-deprotected, duped).

Believe what you want, but there is nothing lame about it... The Corps use this schema even in todays market place (I know my Corp does, and I am sure that they are not the only ones) so I am pretty positive that it will continue into the 2070's... it is a perfectly viable tactic for the Hacker of the team... maybe not all runners will have this setup (it is pretty expensive after all), but it does make sense for Ultra High-End Hackers with a fair bit of Karma under their belts.

Hell, Proxies are the best in my opinion... a Drop Dead point from which you cannot be further traced back... Yes Please...

Oh, it's not a question of logic. It's a question of game balance. In fact, given the cost, the Corps in 2070 should just use this times 1000. Times 10000. Nothing could be hacked before they just physically moved the 'safe' machine… to a new hyper-layered connection, while the first one reboots. And again. And that's not AAAs. That's any company who thinks their data is worth a measly couple hundred thousand nuyen.

It's worse than the old Hack-a-Stack exploit. Yes, logically, the Matrix would be pretty secure, hackers wouldn't be joyriding everywhere. And yes, I see it now on Unwired p73 (Layered Security) (thanks for the page number, hehe). But, it's SR, it's Matrix 2.0, they're *supposed* to be joyriding. And it's a game, so things should at least pretend to be tradeoffs. Bleh.

I disagree... this has been the norm for almost every system we have hacked in the game over the last 5 years of SR4... we do not access a node and have everything we want at our fingertips (I am assuming that you do not as well)... we must delve into the system to find the correct node. No different than the original system maps of 2nd edition actually, except that they play out much more quickly (we time hacking actions with Meat Actions and run simultaneously)... hacking is very dynamic in our games... and yes, it does behoove us to penetrate a system ahead of a Run if possible to lay in some access points or whatever else we may need. This is usually a part of Legwork, if it is possible at all...

Again... if you are paying out massive thousands of dollars per Node, you eventually reach a point of diminishing returns. I work for a Multi-Billion Dollar, International Corporation with close to 15,000 employees, and I can tell you that our critical data is heavily protected, but not to the tune of 10,000 layers of protection (or 1,000 or hell, even 100 layers)... that would be ludicrously expensive... But there are enough layers to make hacking the system exceedingly difficult, and likely obvious when attempted, which brings other defenses online as appropriate.

Is it appropriate to have 4-5 layers for a Team Hacker with the experience and money? Yes, it is... would I have a Dozen Layers... not likely... it will be scaled to the appropriate level based upon expereince and resources. Could you get away with a hyper-node with a Single Layer... Probably, until the team of dedicated hackers hit the node and made hash of it... That is a reason that you would use layers if you could. That is the reason that I use multiple layers, because early in my career, I was completely downlined by a team of Hackers/Technomancers... I learned my lesson and improved security significantly over the course of the campaign as I could afford to do so. Now, I am pretty safe from most threats (and that is why I am the sole Tactical Coordinator for the team as well)...

Anyways

Bleh. That's the point: the old system maps were meant to be slow. In SR4, it shouldn't be that easy for Joe Nobody to be safe, nor *that* hard to get into Joe Somebody's stuff.

It still takes time though... those types of security setups are not something that you penetrate in a Turn or two... they take time.

Joe Schmoe with his standard Comlink (98% of the world) will be something that a decent Hacker can get through like a hot knife through butter... the Average Joe Schmoe cannot afford a security setup like that, as it is likely several months to several years of Lifelstyle (Middle) costs just to think about such a thing... most individuals will have a single node, with little to no real security on them. Just like the real world today...

Anyways...

For some reason, the Zurich Orbital only has an onionskin of 16. This is what I'm saying: the game world is designed to be playable.

Well, sure, but the nobodies also don't have good armor or guns or anything. Who cares about them? I meant Joe Nobody 400BP Runner, sorry for the confusion.

Again, I'm not saying *you're* wrong. I'm saying BLEH, my game won't have NPCs carrying around 1/3 the security of the (legendarily safe) Zurich Orbital for their TacNets.

Ofcource you can, you just rip of the wireless chip from the node and replace it with fibreoptic line to the next node.

actually, only a active mode node do the mesh thing. but then its close to mandatory in the nicer areas, so...

Yes, thank you Max. I meant, 'when you could otherwise participate'.

Good point, hobgoblin, thanks.

Or just turn the wireless off and datajack it. Wirelessly daisy chained commlinks is the most secure way. You don't even really need IC, just good analyze programs on each. By the time they get to one outside of your main node, you can just unsubscribe your main and do some mass wireless connection resets of the others to dump the hacker from your system.

However, I am 90% sure that routing your hacking attempts through any other node does cause response degredation.

The intent of the rules is clear: if you can get out onto the matrix, someone else can get to you.

It doesn't matter how many subscribed nodes you route your signal through; if you are in VR, you are in the node you're hacking; they don't have to go through anything to get to you.

If you pull out, there's not a whole lot of mechanical difference between spoofing your connection to begin with and then changing your ID, and setting up a big complex multi-node rig. The data doesn't go away; anything, once released to the internet, is out there forever, you just have to find it.

All a big fancy rig like this does is give you - no, your programed agents - a little bit more time to spot the intruder. It does not provide any kind of blanket protection, just slows them down, which makes automated detection more likely.

If you are able to make Matrix Perception rolls to notice their activity in that node, then you are in that node. That is quite clearly how the rules are supposed to work, regardless of writer error. So all you have to rely on is an agent doing the work for you.

Also, I think that daisy-chaining connections has to reduce your response. It's entirely possible that the writers didn't consider this idea, and so failed to include a rule that should be there, but dropping response by one for every node with barriers you have to route through to get out makes sense.
Once you take the barrier down, or put in a loophole so you can go through, there's no penalty, but if it's protecting you, it slows you down, period. At least, that seems like how it should work, assuming the rules are fair and consistent.

Er, the discussion isn't a hacker out in the digital wilderness trying used stacked nodes to protect himself.

The discussion is a target system a hacker might be trying to break INOTO using stacked nodes to protect internal paydata.





-karma

ack, double post.

… No, the discussion (for me and Tymeaus) was definitely about personal hacker PC *defenses*. We just used 'target' systems as examples for the discussion. However, it clearly works both ways, and the OP wasn't clearly interested in only one or the other. Both sides are vital to consider.

Plus with layored nodes done right you can dynamical shut-down and reboot one and temporarily reorganize the layers. If done right you can use this to really piss of the hacker shut down the node he in-the process of getting into voiding the attempt replace it with and other for a small time and repeat causing him to forever have to hack changing firewalls or at least for long-enough to trace, deck him out ect plus you can reboot the node hes in and move another node to your outer one too. This method woudl require vaild users to be able to log on to every node and knwo the rotaition in adavence so its not really vaild for high traffic areas but to proect pay data or your own main com it works to an extent sending all the suffer commands eats a lot of actions lets hope you have 5ip or find a way to agent it all.

no diff with AR, just to be pedantic. Heck, this persona concept makes electronic trespassing laws somewhat easier vs real life IP addresses and such (especially once one consider open wifi networks and NAT routers, tho i guess they fall under the SR proxy rules).

Passive also passes along signal data as well, even if you do not physically accept those things into your own comlink, they still route... Hidden shuts that functionality down from what I remember...

If daisy chained Nodes degraded, a large number of Corporation in the world today would not be able to function with computers...

Just sayin...

The biggest benefit is that if you detect an intrusion before it accesses your secure research data, you can immediately segregate your research nodes (assuming that it does not cause irreperable data loss/corruption to do so) and pull them from the network... it is very easy to do... It also makes High End Hackers like Slammo! and Netcat, who do not appear to be big blunt hammers, to penetrate a system with little to no trace... If you are good, you do not fear the security, because you will likely not be detected.

Remember... Nodes on the Matrix are CONSTANTLY bombarded by viral advertising, Hacking Attempts, and Data Requests in a constant blur of data. If you are rebooting every time you detect an intrusion you will NEVER get anything done in your organization. To mitigate that, you take other Steps... Your ARC on the outer node is probably going to be an automated response to just log off the intruding signal... deeper intot eh system, the ARC may perform other directives, depending upon the node.

It behooves a Hacker/Technomancer to be skilled in myriad ways of penetrating a target system... Use of Sprites, Agents, Worms, Trojans and Viruses, along with Stealth and/or Attack options, the various DDO style assaults, or other tactics, make for a very effective digital intrusion specialist; and most systems will be configured to respond to each of these situations in different ways. Use them all and you are likely to penetrate to your goal and get back out alive, with the data needed, and any traces redirected to some null point that leads the opposition no-where...

No one's talking about the world today, though. It's game balance in a game world.

Damn spam.

By intrusion I mean one where rebooting would save your ass as in a hacker in you nodes You'd have toe reboot cycle as a global scritp ready for the I really need to stop them getting in moments.

Always good as a last resort tactic, sure... It is just that a reboot takes time to initiate and come back up, you may still have issues as the system reboots, before anyone is kicked out by the reboot sequence...

unwired, p54, routing, says something else.

so basically, unless the hacker happens to have an account for the office network being targeted (remember, while hacking in provides the equivalent rights of and account level, its not an account), he will have to hack every passive or hidden node on the network thats between him and the target node. And as there is no benefit to be had for running a office node in active (that i can see) they are probably passive.

It occurs to me that a nice way to screw with a corp, and perhaps make it difficult for them to deal with, is making part of their 'ad filters' and 'spam blockers' block legitimate (but sporadic, cause that'd be more fun) traffic. Woops, looks like today your spam blocker has decided that automated funds transfer (your paycheck) is spam.

Indeed it does, My apologies... I, for some reason, read Peripheral nodes as Passive... not sure why... thanks for the clarification...

As for hacking passive/hidden nodes, there are more than enough peripheral nodes in signal range of most comlinks, that active interval nodes betweeen you and the target are not all that difficult to establish... where it gets tricky is the nodes of the target system, you can pretty much guarantee that you are going to be hacking each node unless you have that account for the office network as you pointed out...