Full Version: Botnets
Zarek
Greetings,

I'm a new GM (for Shadowrun, not in general), and am struggling with some of the finer points of the matrix. Particularly botnets. Conceptually I understand them. Mechanically, not so much.

While I would prefer not to be grinding through the finer points of botnets with only three sessions under my belt, unfortunately I have taken over a much more experienced party with an incredibly ambitious AI as one of the characters. In short: He is walking all over me.

I've looked it over enough to know he can't do anything exceptionally complex, and it isn't impossible for someone to start hacking away bits and pieces of it. But based on the understanding of it I have been given, he just has hundreds of these things roaming around giving him near limitless chances and dice to do whatever he wants. I don't think this is how it is supposed to work. Now that I have a few weeks off I'm hoping to get this under control.

So, can someone guide me through the exact mechanical process of creating, using, and defending against or defeating a botnet? (as thorough as you are willing including duplicating agents, subscriptions, hierarchy if applicable, access IDs, etc).



Thanks!
suoq
QUOTE (Zarek @ Aug 25 2011, 07:55 AM) *
giving him near limitless chances and dice to do whatever he wants

Have him show you in the rules where the botnet helps him do anything other than mass probes (and even there it's capped by skill) and DOS attacks.

Everything there is to find about Botnets is in Unwired around page 88 and 100.
Zarek
QUOTE (suoq @ Aug 25 2011, 09:55 AM) *
Have him show you in the rules where the botnet helps him do anything other than mass probes (and even there it's capped by skill) and DOS attacks.

Everything there is to find about Botnets is in Unwired around page 88 and 100.


I'd already read the section repeatedly before posting. It is still unclear. I realize this is largely because my grip on the matrix itself is still weak.

A few quotes from unwired:

QUOTE
Brute force methods—sending a group of agents to force their
way through a node in cybercombat—are rarely effective.


QUOTE
Sometimes when you can’t pull off a big hack, you can use a botnet
to pull off a lot of little hacks that add up to the same thing.
Perfect example: traffic control. Hacking the individual lights and
using bots to control them can be a hell of a lot easier than hacking
the central traffic node.


This indicates they can be used to perform other tasks - just shouldn't be effective in many cases or very sophisticated. Because I don't really have a grip on them, they are not only effective but pretty much dominating.

Combine this with a very loose transition between his botnet and his normal agents supporting him, it's become this ambiguous monster. Especially because he just makes new copies every time he does anything.
suoq
QUOTE (Zarek @ Aug 25 2011, 10:32 AM) *
Because I don't really have a grip on them, they are not only effective but pretty much dominating.
The problem, as I see it, is that he's saying he has X for a dice pool. He's not explaining to you HOW he has X for a dice pool. Therefore you can't explain to us how he has X for a dice pool. And since we don't even know what X is, we don't know if it's actually a lot or if you're expecting SR4A defense to work against Unwired's (and other books) dice pool escalation.

Get a copy of the character sheet, post it, and tell us what dice pools he's using and how. It will make things much easier for you and us.
Zarek
QUOTE (suoq @ Aug 25 2011, 10:38 AM) *
The problem, as I see it, is that he's saying he has X for a dice pool. He's not explaining to you HOW he has X for a dice pool. Therefore you can't explain to us how he has X for a dice pool. And since we don't even know what X is, we don't know if it's actually a lot or if you're expecting SR4A defense to work against Unwired's (and other books) dice pool escalation.

Get a copy of the character sheet, post it, and tell us what dice pools he's using and how. It will make things much easier for you and us.


That's harder than you might think. We game over Skype because we all moved in ten different directions.

His dice pool isn't the problem. I believe it's mid teens. My problem is he has (last number I heard was 120 but that was a few copy cycles ago) bots making that same test in the same round because of the botnet. He just says - "I'm gonna task my botnet to data searching for A, B, C, and D and aiding one another to best efficiency possible. (IE, each one aiding the skill to provide its exact maximum bonus on the task)." Or more dangerously "I'm gonna task my botnet to hacking this group of yakuzas' comms".

Even if ten fail, the next 30 don't. That's what I mean by literally infinite dice and infinite simultaneous tries. I don't care if he has a dice pool of 10, 20, or 30. He gets a crack at it for every bot is the way he's trying to play it.

That is why I want to know step by painful step how a botnet is created. From the first original purchased agent onward. For purpose of this example assume all programs/hardware/stats/skills are 4 on the character sheet.
Kirk
This, I think, is the relevant passage for dealing with his botnet:
QUOTE
Hacker bookkeeping
One issue with botnets and mass probes is
that player characters can quickly accumulate
a lot of compromised nodes and a lot of bots—
more than a gamemaster can be expected to
fully detail at the table. The key to avoiding unnecessary
bookkeeping and holding up the game
is for the gamemaster to plan ahead and let the
player worry about the bulk of the bookkeeping.
Make up a list of five (or ten or fifteen) nodes that
would be of particular interest to the hacker, are
specifically relevant to the campaign, or are particularly
amusing false leads; the majority of the
rest of the nodes compromised by mass probing
will be home terminals, student commlinks, and
other nodes only useful as a place to store a bot
or rip an access ID from.


His biggest problem if he's got hundreds of these things is that some have been caught in honeypots by some serious counter-techs. Remember that these are weak agents sent out not to targeted systems but to random systems that have only their vulnerability in common. Most are of no use due to what they've occupied, and even those that are in the right place are weak.

Also, don't forget that his bots are getting flushed as well as created. For guidance look at the mass probe rules (UN 100). They can also be compromised and used against him, both as tracing startpoints due to the access IDs but also as tripwires. (Hey, Joe, bot 2275A is asking if we're connected to the security system in the Burbank facility. Better give security a heads up.)
Zarek
This is a large part of my confusion - My original understanding was he was creating copies of one of his agents, and then essentially chaining them to another one - Like a tree. Agent A tasks AA and AB, AA tasks AAA, AAB etc. and these things were just flitting around the matrix doing his bidding like a normal agent or sprite might. Each loaded down with copies of his top notch programs. Is this entirely incorrect (please tell me it is).
Kirk
QUOTE
Or more dangerously "I'm gonna task my botnet to hacking this group of yakuzas' comms".

Even if ten fail, the next 30 don't.


Wait. Ten failed hack attempts on yakuza comms?

That means ten traces. And ten alerts to the yakuza's matrix-walkers. Oh, gee, the next 30, 60, or hundred succeeded? So what -- by now the yakuza switched comms (what, only runners get to do that?), put disinfo teams on sending false info through the hacked comms, and have an unwelcoming committee on the way to the hacker's location.

I have this little rule I've learned the hard way: Greed kills. Sounds to me like your hacker's gone greedy.
Zarek
All in the same round. Out of those ten each get hit with 10 simultaneous exploits. That's the way it has been explained to me.

--EDIT--

That is why I am on here. I'm sure this is wrong. I just want to understand how it is supposed to happen so when I come in and say "Hey, you've been misusing this" I have a solid explanation of how it is supposed to work.
vipox
The Sniper Rule also applies in this situation. If he is willing to have the rules work this way, you are very able to say that the Yakuza have a massive (much larger than he could ever amass) bot net that will perform the same attack. Now given the fact he is an AI and that they could and would be loaded with Black IC, if I was him I would be very worried.

There is also a problem of being noticed, a massive wave of bots is going to cause a stir, much the same as bringing a Cannon to a Pistol fight.

InfinityzeN
Actually after the first few fail, since they are all copies running on a common list of codes, then security will just block all those connections and they all fail after the first few. Plus as Kirk said security is going to trace and tear him up. Plus what is he running them on? You can't just copy it and run it on his hardware, so he will have to be hacking and taking over lots of nodes to load them up on.

Just repeatedly gang rape him with traces/matrix security because the way he is doing it is very weak security. Also, you are the GM not him. He does not tell you how it works, you tell him how it works.
Kirk
QUOTE (Zarek @ Aug 25 2011, 12:14 PM) *
All in the same round. Out of those ten each get hit with 10 simultaneous exploits. That's the way it has been explained to me.

No.
Per the part I quoted first (sidebar, UN 100) not all the bots are in a position to hack the Yakuza commnet. How many are in place? That is up to YOU, the GM, not the player. If the player's been hacking places to specifically place bots for effectiveness, you and he need to have a solo session to see how many times he's oopsed his rolls.

Simultaneous on multiple comms? No. He gets to send a command to his bots to "hack this node" not "hack these nodes".

Simultaneous attack on one node? We have one of two situations: DDOS, or probing with a Teamwork test. Since he says it's a teamwork test, the rule (SR4A page 65) applies. Each of the ASSISTING bots rolls as though it's hacking. Each hit adds one to the primary hacker's dice pool. BUT, that dice pool is capped by the primary's skill (in this case I'd use its rating). AND, a critical glitch by any assisting bot raises the threshold by 1 (3 for extended tests).

It isn't infinite.
Zarek
In his defense I don't think he's cheating, I just think he doesn't know what he's doing, and I know that I know less. He's been playing a matrix player since January, I first glanced at matrix rules in about July... I took over from a different GM. This GM didn't have that problem because the player didn't read about these until after he had retired.
suoq
1) The first few fail, triggering alerts and traces. The remaining fail because there are no more subscription nodes for them to make the attack on.
2) Where does it say he can command all the bots to do one thing at one time in the same round and that what they can do is anything other than a DOS or a mass probe?
3) Don't have him explain the rules. Have him give you book and page numbers.
Zarek
From what y'all are saying - it seems like they shouldn't be moving node to node based on chain of command orders. That is largely part of what I wasn't understanding.

The detailed description of what happened with the Yakuza is they had a group of about 8 hiding out in an apartment complex waiting for orders and they snuck in for a quick strike (hoping to capture and 'question' one). He wanted to bring his bot net in to help him find, then hack the comms (with the end goal of then commanding them to start targeting cyberware slaved to the comms).


Based on everything you have said, once he copies an agent onto a node and puts it in the botnet - that agent stays there. Is that correct?

Outside of DOS and Mass Probe Turbo Bunny heavily insinuates there are other uses, though.
Zarek
I think I finally got part of it.

The problem as stated above, I was imagining this amorphous blob roaming the matrix that he was saying "Hey blob, go do this". Now I finally (with your help) understand that once a 'bot' is created on a node it ain't moving. If he wants a bot on a neighboring node (like in that apartment complex) he had best hack it and put one on there. Not simply order his botnet to 'travel' the matrix to Node Z and tell them to start hacking all the commlinks linked in to the node.

This clears much confusion. Please confirm if my new understanding is correct.
Kirk
That's close enough to work with.

The bot is a fixed agent. Worse for him, it's not a powerful agent with tons of flexibility.

One question you might ask your matrix person is how he's distributing these bots. Is he placing them, or is he allowing them to be hidden in worms or other malware? Each method has strengths and weaknesses, most already noted.

Suoq gave you what is probably the best advice: make him give you details. Remember, YOU are the representative of the universe at large. If you do not grok it, it does not exist.
hobgoblin
I am guessing he is working with an Agent running the Replicate autosoft, and with any kind of copy protection filed off.

Thing is that Unwired handles a botnet as something distinct from a bunch of rampaging agents.

If he has agents commanding agents, then point him towards the botnet section of page 100 and the replicate autosoft on page 113 of unwired. And perhaps also the section on Autonomous programs on page 110 that defines the limits of agent movement and collaborative efforts.

All in all it reads like your player is going for an agent smith setup (named for the character in the matrix movies, particularly the second and third), an idea/complaint that arose soon after the publication of SR4. Unwired added some details to try and curb this. First of all running copies of an agent share an access ID, unless the hacker takes time to spoof it when loaded onto an external node. This allows a target node to screen out all of those agents once one of them triggers an alarm. Second, note the Mook sidebar on page 101 of Unwired. Commercial agents do not do criminal acts out of the box, and they do not do well with complex tasks no matter their rating. Sidebar on page 102 may also be of interest.

So to sum up, what he is playing with is not a botnet in the Unwired sense. But an extrapolation of pre-Unwired rules and gray areas of those rules (in that there are no rules saying that an agent can not command agents of their own).
Zarek
Ahh yes, you have identified the source of the problem. It is exactly the agent smith scenario. However. He is clever enough to have looked into:

From Unwired 111

QUOTE
A copied agent may be patched in order to give it a
separate unique access ID with a Logic + Software (Rating
x 3, 1 week) Extended Test.


I was dumb enough as a GM to tell them three months had passed.


Tymeaus Jalynsfein
QUOTE (Zarek @ Aug 25 2011, 02:00 PM) *
I was dumb enough as a GM to tell them three months had passed.


So... 6 Agents (Rated 3) Patched (2 per Month, assuming average rolls on 16 Dice)?
Zarek
QUOTE (Tymeaus Jalynsfein @ Aug 25 2011, 04:09 PM) *
So... 6 Agents (Rated 3) Patched (2 per Month, assuming average rolls on 16 Dice)?


2 becomes 4, becomes 8, etc. I think that is what he did. Because I think he used the recently copied agents to act as mooks to do change ID test. That may have not been legal though.
Kirk
Yeah, I'd say changing IDs is outside normal operating bounds.
Tymeaus Jalynsfein
QUOTE (Zarek @ Aug 25 2011, 02:13 PM) *
2 becomes 4, becomes 8, etc. I think that is what he did. Because I think he used the recently copied agents to act as mooks to do change ID test. That may have not been legal though.


Agents do not have the software skill, nor can they get it. So yes, quite illegal.
Zarek
I'll give it to him, it was a clever attempt at a work around. Thanks so much everyone for helping me figure out what he did.

The reason he's making so many now, is he's got all these different agents stored on his home nexi. It all makes much more sense now that I know this isn't a real botnet. I could not for the life of me make a connection between the botnet rules and what he was doing. Haha.

I think what I'm gonna do, since his army of agents is uniquely based on the same malware (replication auto-soft), is let Renraku try to make a career comeback in Seattle with a fantastic new anti-virus program with free demos. Get a fear campaign going against this guy's agents. Where every wageslave/corp/etc starts buying into platinum plus versions of this software, etc.

Kirk
If he's been going to all these dark alleyways in the Matrix, perhaps he's brought home an infection or two of his own?

Remember, anything the player can do to the world, the world can do to the player. (An ambush ambushed isn't very nice.)
Modular Man
There's still the issue that agents have built in Access IDs. This ID has got nothing to do with the node they're running on and is the same for every copy of said agent (which I assume is the case here, mass copied agents). A node only allows one agent to log on if more with the same ID try, even hacking won't get them in. This is all on page 102 in "Unwired" and roughly pictures your scenario.
Also, as said before, there's a limit on how many dice you get in teamwork. Usually, that's capped by the skill rating of the aided person, in case of an agent this would probably be his rating as he uses this instead of separate skills every time.
Mass and quick datasearches are easier and overall faster this way, of course. But I don't see a real issue of balance here as those are not as crucial as a mass hacking attempt. At the very least, to make it go faster you probably could get every agent his own archive to search. This way they bypass the interval for searches covering the whole matrix.
Having multiple packs of agents search for the same thing might give you the same results over and over. There's a limit on how many people can aid in a single test before it becomes ineffective. If you want to make multiple tests, the searching packs are no longer linked to each other (because not doing teamwork any longer) - multiple results all over. Data floods can be a bitch.
Also, keeping a botnet safe and secret is way more difficult as it increases in numbers. A single agent might get exposed eventually. Does he really want this agent to carry sensible information like data search results or hacking attempts in case some authority figure takes a closer look?

Well, ninja'd by half a page. Damn, should've typed faster.
hobgoblin
QUOTE (Kirk @ Aug 25 2011, 11:32 PM) *
If he's been going to all these dark alleyways in the Matrix, perhaps he's brought home an infection or two of his own?

Remember, anything the player can do to the world, the world can do to the player. (An ambush ambushed isn't very nice.)

And the world has in theory infinite resources, if the character becomes uppity enough. And characters in SR are criminals, not heroes (at least not in the eyes of the powers that be).
hobgoblin
QUOTE (Tymeaus Jalynsfein @ Aug 25 2011, 11:26 PM) *
Agents do not have the software skill, nor can they get it. So yes, quite illegal.

Indeed. It also stops hackers from running agent powered programming factories.
Socinus
I wish we had an example of how things like botnets worked the same way they do for things like char gen, when they actually step you through it in first-person mode.
suoq
QUOTE (Socinus @ Aug 25 2011, 08:19 PM) *
I wish we had an example of how things like botnets worked the same way they do for things like char gen, when they actually step you through it in first-person mode.

My impression was that we do in Unwired. It's just that, really, they don't do much. Neither DOS or Mass Probe strikes me as that difficult. I don't believe they actually do anything else.
Zarek
Fortunately, with everyone's help I have mostly figured out what happened. What he was calling a botnet, was not a botnet at all. Hence my inability to figure out what he was doing. At the end of the day, the problem comes down to he did something illegal with his agents to create something the rules were designed to prevent because he confused a botnet with a long term project to recreate the Agent Smith scenario.

QUOTE
There's still the issue that agents have built in Access IDs. This ID has got nothing to do with the node they're running on and is the same for every copy of said agent (which I assume is the case here, mass copied agents). A node only allows one agent to log on if more with the same ID try, even hacking won't get them in. This is all on page 102 in "Unwired" and roughly pictures your scenario.


This is detailed even further in pages 110-111 of Unwired on the section about copying Agents. I kept missing this section because it doesn't discuss botnets. However, I remember him having needed time to set this thing up. So I stumbled into what rule he used. At the bottom of this section it discusses that you can change the internal access ID of an agent with a week logic + software (rating x3, week) extended test.

What he had done illegally was in allowing agents to handle that extended test for him. Thus instead of creating about 6 new agents max (like what was mentioned previously) he had 2 agents that could be copied that would become four, etc. He then used resources to build a Nexxi to store all these copies of uniquely ID'd agents. The reason I didn't know "which nodes they were on" is he just used a couple of cheap comms he bought to run the process and fully had thought these were free agents he could just copy wherever, like he normally could.

Because of the structure of Unwired, he thought that this was a botnet. In reality he was not using a botnet at all, but instead had almost revived the "Agent Smith" problem.

Then of course I kept hearing the term "botnet" so in turn I kept looking over the rules and trying to figure out how he got what he had.

QUOTE (suoq @ Aug 25 2011, 08:18 PM) *
My impression was that we do in Unwired. It's just that, really, they don't do much. Neither DOS or Mass Probe strikes me as that difficult. I don't believe they actually do anything else.


This is difficult, because you are totally right in that DDOS and Mass Probe are the only thing it provides rules for. However it heavily implies that a botnet can be used for more than that. On 88 the jackpointers recommend using botnets to manage a hacked traffic system, lower on the same page they discuss that corps use them to spread spam, on 102 it discusses automating datasearches in the code zombie section, then on 100 there is this:

QUOTE
The botnet program contains a list of all the agents online and
connected through the botnet, with simple status symbols communicating
their effective Matrix attributes, current Matrix Condition
Monitor, payload, location, and what action they are undertaking.
With a Simple Action, the hacker can issue a command (see Issuing
Commands, p. 220, SR4) to any number of bots in the botnet.


Based on this I see no reason any common program loaded on the botnet couldn't be used in some manner.

Again thanks for all the help. My problem is halfway solved. Now I just have to go talk to my already angry hacker and tell him I'm ruling against him on yet another issue.
hobgoblin
QUOTE (Zarek @ Aug 26 2011, 07:58 AM) *
This is difficult, because you are totally right in that DDOS and Mass Probe are the only thing it provides rules for. However it heavily implies that a botnet can be used for more than that. On 88 the jackpointers recommend using botnets to manage a hacked traffic system, lower on the same page they discuss that corps use them to spread spam, on 102 it discusses automating datasearches in the code zombie section, then on 100 there is this:

The traffic system example likely implies each worm/agent of the net taking up residence in the peripheral node of the individual lights. This then allows the hacker to operate what amounts to a secondary control system of the lights via his botnet, rather than hack the central control node. Then he can just issue commands like "create a green wave from 4th to 15th, now!" and the botnet goes to work messing with each individual node on that stretch of road.

As for the spam, that is very real life. Each "zombie node" would be connecting to long lists of comcodes and such and delivering a preset message. And set up correctly the MSPs will simply see a mass of nodes making contact rather than a single big node pushing truckloads of data. A use that is likely pointless for a shadowrunning hacker, unless he has a side job pushing herbal viagra or something
Fortinbras
Some things I've found working with bot-nets that are worth remembering

1) The nodes these Agents are in likely have a response of 2 or, if you're lucky, 3. This means that an average Agent in the bot-net is rolling about 4 dice on tests, or 6 with Teamwork. If he has Optimization on all his Programs, that bumps that up a bit to 8 and 12.
If you enforce the diminishing returns rule for Extended Tests, the cat is more likely to want to use his own Data Search skill and have his bot-net augment it rather than having his bot-net do all his work for him, as he likely has a greater skill and, therefore, will get more out of a Teamwork test than his bot.

2) These Agents use his Access ID and can only take orders from that Access ID or whichever ones the hacker has allowed in the bot's script. This means that if your hacker spoofs his Access ID often, he'll have to change it back in order to issue orders to his bot-net. If he hasn't taken that particular AI Quality, it's even more dangerous.

3) Anyone who happens to find a copied Agent will be able to trace it back to your hacker through a myriad of methods from checking the bot's subscriptions, looking through the Access Log or simply analyzing the Agent's Access ID. It has to be able to communicate with your hacker and vice-versa. It is through this line of communication that a trail can be found. I guarantee your hacker will become a lot more cautious if you simply remind him of this and he'll likely dump the thing if you send someone after him because of it.
The only way I can think of around this is to use an Anonymization service which routinely erases its Access Log. It's not something the player can do, because his Access ID will be the one which logged on and erased the access log. I guess you could try to use a proxy, issue your commands, log off, spoof your Access ID, hack in with Admin and erase the log...but I think I'd just pay the 300 a month.

4) GOD! My personal favorite, the Grid Overwatch Division. Since this cat is an AI, he should also contend with Artificial Resource Management. If that bot-net becomes too huge, it's going to be noticed by the Matrix police who can do everything from send a SWAT team to, more likely, just shut the whole thing down. It's a great storytelling tool and a useful way to introduce characters to the wider world of the Matrix through game play rather than narration.
Zarek
All of those things are great suggestions! Working on bringing GOD in as soon as I resume the game (after my vacation)
Udoshi
QUOTE (Zarek @ Aug 25 2011, 03:13 PM) *
2 becomes 4, becomes 8, etc. I think that is what he did. Because I think he used the recently copied agents to act as mooks to do change ID test. That may have not been legal though.


Agents cannot self-patch. Software is a skill forbidden to them.

Also, that test is to change ONE agents access id. Therefore, no recursive agent patching.

QUOTE (Zarek @ Aug 25 2011, 03:00 PM) *
I was dumb enough as a GM to tell them three months had passed.


It also sounds like someone is forgetting to apply Program Degradation. If you break the Copy Protection on a program, in order to crack it or run multiple copies, or even to give your agents programs in their payload - you deal with SOTA rolls.

Also, the FAQ has some good information for you.
QUOTE
Just for reference, here’s a quick reminder of the limitations inherent on agents:

Off-the-shelf agents won’t perform any action that requires the Hacking Skill, even if loaded with the correct program (p.101, Unwired).
Agents do not have a Software Skill (p.234, SR4A).
Once running, an agent’s access ID may not be changed (p.110, Unwired).
Copies of an agent will have the original’s access ID; a copy cannot access a node on which an agent with the same access ID is already running (p.110, Unwired).
Agents are limited to 3 Matrix IPs (p.236, SR4A).


Additionally:
QUOTE (unwired 110)
Copied Agents and IDs
If a copy tries to access a node on which an agent with the same access ID is already running, however, the node will automatically refuse access (even if the agent tries to hack his way in, the attempt will automatically fail). This security feature both deters piracy and prevents mass invasions by agent mooks (the so-called “Agent Smith” scenario).




Brainpiercing7.62mm
What I don't get is this:

Agents which are copied all share an access ID, which excludes the possibility of using them to hack one system using teamwork.

Botnets are nets of agents or worms, which supposedly are all copied and distributed in some way, and you CAN use them for a DDOS attack. Which is sort of a contradiction, because after the first bot connects, all the others should be refused.

I would tend to think that the Replicate Autosoft actually creates a new agent with a new access ID, or else worm and bot nets would NEVER ever work. Also, why would you even need Replicate when you could just copy the agent, or have the agent copy itself normally? Of course, this is not really what the RAW suggests.

These entire rules once again suffer from trying to balance them in some way, in order to make sure that agents remain expensive - when in fact, like with all software, you should be able to copy them easily. They should use the access id of the device they are running on, rather than have their own, or at least be able to start up with a new id every time.
hobgoblin
Watch out, there is a little trick to Access IDs. They are assigned per persona, not per node.

Yep, for the longest time I thought that each node came with an Access ID. Not so. The Access ID is attached to the person. So each persona spawned by a nexi will have its own Access ID.

This little detail shows up in the "behind the scenes" sidebar on page 53 of Unwired.

As for DDOS, the effectiveness of that comes from the issue that even if the node is just rejecting the agents it still has to process the initial login or data request. So to perform a DDOS attack one just needs a big enough botnet to generate enough of these requests to overwhelm the processing capacity of the target node.

Oh, and an agent is normally forbidden from loading a copy of itself on a different node. Replicate gets around that. This likely in fluff by tricking the source node into thinking the agent has been wiped once the transfer to the target node has been completed. Let's not forget that agents normally either move from node to node by being transferred over, or reside in one node and log into multiple ones much like a persona can (yes, there is also the option of traveling with the persona of its owner. But I was limiting myself to agents operating outside the user's node).
Aerospider
QUOTE (hobgoblin @ Aug 30 2011, 05:16 PM) *
Watch out, there is a little trick to Access IDs. They are assigned per persona, not per node.

Yep, for the longest time I thought that each node came with an Access ID. Not so. The Access ID is attached to the person. So each persona spawned by a nexi will have its own Access ID.

This little detail shows up in the "behind the scenes" sidebar on page 53 of Unwired.

Actually both nodes and personas have access IDs (as well as other autonomous constructs). In fact the persona's ID is born of the originating node's ID. References to nodes having access IDs are few and subtle, but see Persona Access IDs on Unwired p.52 and Slaving on Unwired p.55.

QUOTE (hobgoblin @ Aug 30 2011, 05:16 PM) *
Oh, and an agent is normally forbidden from loading a copy of itself on a different node. Replicate gets around that. This is likely done in fluff by tricking the source node into thinking the agent has been wiped once the transfer to the target node has been completed. Let's not forget that agents normally either move from node to node by being transferred over, or reside in one node and log into multiple ones much like a persona can (yes, there is also the option of traveling with the persona of its owner, but I was limiting myself to agents operating outside the user's node).

It's more that agents are incapable of replicating themselves rather than being forbidden (Unwired p.111), but perhaps that's half-a-dozen of one and thirty-six-to-the-nought-point-five of the other. They do need Replicate, but Copy Protection will still prevent it (even if only on its loaded programs, which are also replicated).

Here's one for a giggle - can anybody cite RAW that bans agents without Replicate (or even with it) from copying each other...?
hobgoblin
Oh ye lovely inconsistent wording...

I am tempted to introduce the concept of Node ID just to get some mud out of the water.

As for the other bit, there is a one line entry for an unrestricted agent on Unwired p100.
Brainpiercing7.62mm
So what about worms? It does seem weird that all worms that spread themselves have the same access ID, yet they use the same rules as agents, or else you wouldn't need agents.

I think this is once again a case of wanting too much in one ruleset, and not thinking enough about consistency.
Zaranthan
QUOTE (Brainpiercing7.62mm @ Aug 30 2011, 03:17 PM) *
So what about worms? It does seem weird that all worms that spread themselves have the same access ID, yet they use the same rules as agents, or else you wouldn't need agents.

I think this is once again a case of wanting too much in one ruleset, and not thinking enough about consistency.

Most well-written viruses don't infect the same machine twice. The author would prefer the worm remain active and spreading as long as possible. Reinfection rapidly consumes all resources on the target machine, so unless your payload was running Nuke, doing so is counterproductive. Thus, the access ID restriction actually helps, since it prevents a Kilroy Was Here event.
Udoshi
QUOTE (Brainpiercing7.62mm @ Aug 30 2011, 08:38 AM) *
What I don't get is this:

Agents which are copied all share an access ID, which excludes the possibility of using them to hack one system using teamwork.


Not necessarily

QUOTE (shadowrun 4 faq)
Q: When exactly does an agent’s access ID change?

A: Agents loaded into a persona have that persona’s access ID; if you load the same agent into a different persona, the access ID will be that of the new persona. If an agent is loaded into another node to act independently, the agent will have a unique access ID, and any other copies of that agent running independently will have the same ID. When an agent is not running, a hacker may patch the code to change this unique access ID (p.234, SR4A).


So it's possible for an agent to piggyback off of another persona's access ID.
Also, an Agent carrying Spoof in its Payload should be able to make the Spoof(2) test to temporarily change its access ID.
It makes a bit more sense to me, because my group has gotten in the habit of using full-length commcodes, which have a certain format for where the call is coming from.


Also, regarding the inconsistent persona-vs-node Access ID - it's not that far-fetched for both to happen at once.
To use a real world analogy: Each machine has an IP address, but each user on that machine has a slightly longer address so you can tell them apart and get ahold of a specific user.
A better analogy would be an office extension number. You can reach this machine at ABC-XYZ-1234, and this user at extension 456.
Fortinbras
QUOTE (Udoshi @ Aug 30 2011, 04:24 PM) *
Also, an Agent carrying Spoof in its Payload should be able to make the Spoof(2) test to temporarily change its access ID.

In order for an Agent to change its Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.

In terms of worms and Teamwork tests, unless I'm very much mistaken, Agents needn't be in the same node to assist each other with things like data searching or trying to access the same node for a DDoS if they are loaded onto different nodes, they just need to be able to communicate with one another.

They can't assist each other with hacking or cybercombat, because that would require them to be on the same node, which can't be done because they share an Access ID. They can, while on different nodes, all call the same number at the same time, creating a DDoS. More than one won't be allowed on the node, but the access requests are what clogs the system. No contradiction that I can see.
Nor can I really see a problem with worms having the same access ID. As long as they all infect different nodes, how is that a problem?

It's easy to say that Agents should be able to duplicate themselves ad infinitum to represent computers as we know them, but that creates the Agent Smith scenario and makes the Matrix unplayable.
And don't forget that computers as we know them were crashed for being too slow and archaic. To complain about the difference between the Matrix and modern computing is like complaining that the Internet could never work because no one could keep track of all the punch cards. It's a vastly complex system explained as best it can in gaming terms.
Wibbly Wobbly, Timey Wimey. This is my Matrix machine. It goes ding when there's stuff. Just go with it.
Udoshi
QUOTE (Fortinbras @ Aug 30 2011, 11:23 PM) *
In order for an Agent to change its Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.


Sadly, what you're discovering is that they TRIED to fix agent smithing, but didn't really flat out prevent it.

The spoof test is allowed to anyone who can run the program, and you're actually wrong. You can use it on the commlink, and the personas running on it, and, as I pointed out earlier, agents loaded onto your commlink use the link's ID, not their own.

The extended unwired test is only for changing the permanent ID of an agent - much like you can use Hardware to spoof your commlink's ID (if you'd bothered to read the rules, you'd notice it's a hardware or spoof (2) test) if you so choose.
The key difference is that the unwired test is not a spoof test; it's logic+software, and furthermore it's a patch, which is an important distinction because software creation suites would not give a bonus to it.
You see, nothing prevents agents and IC from loading spoof, and many of the sample IC actually come with it preloaded. Once it's loaded, assuming it's a Mook, it can take any Actions available to it in its passes. Just like any other user.

That would be the difference between low rating cracked civvy crap agents who can't get their hands on real hackware for their agents, and have to use the inefficient test because they don't know any better.


The ONLY entity in the matrix who is forced to use a more complex test to spoof their ID are AIs, and that is explicitly spelled out as a spoof test. (RC 88)
Unfortunately for your argument, Spoof tests and Software tests are not the same, but they are two distinct options, each with their benefits and drawbacks, and you're free to use either one.
Fortinbras
QUOTE (Udoshi @ Aug 31 2011, 02:27 AM) *
The spoof test is allowed to anyone who can run the program, and you're actually wrong.

I'm not.

QUOTE (SR4A p. 224)
The standard technique to reduce your datatrail is to spoof your commlink’s access ID. There are two ways to change your access ID; both take only a few minutes. You can alter your access ID by reprogramming your router settings with a Hacking + Software (2) Test, but this only lasts until your commlink is rebooted. A more permanent solution is to alter the hardware with a Hardware + Logic (2) Test, which lasts until the hardware is altered again or replaced.


Both the Hardware and Software test only change the Access ID of the commlink, through either the router or the commlink's actual hardware. A persona uses the Access ID of the commlink it's on, however an independent Agent keeps its unique (i.e. one of a kind) Access ID as alluded to in the FAQs you quoted (and on SR4A p. 234.)
Plus, as you'll recall, Agents have no Software skill so they can't change the router nor can they change the hardware as they only exist in the Matrix. Calling it 'Spoofing' probably threw you off.

The other way you know I'm right is that statements of fact require no qualifiers.
Brainpiercing7.62mm
QUOTE (Udoshi @ Aug 31 2011, 09:27 AM) *
Sadly, what you're discovering is that they TRIED to fix agent smithing, but didn't really flat out prevent it.

The spoof test is allowed to anyone who can run the program, and you're actually wrong. You can use it on the commlink, and the personas running on it, and, as I pointed out earlier, agents loaded onto your commlink use the link's ID, not their own.

The extended unwired test is only for changing the permanent ID of an agent - much like you can use Hardware to spoof your commlink's ID (if you'd bothered to read the rules, you'd notice it's a hardware or spoof (2) test) if you so choose.
The key difference is that the unwired test is not a spoof test; it's logic+software, and furthermore it's a patch, which is an important distinction because software creation suites would not give a bonus to it.
You see, nothing prevents agents and IC from loading spoof, and many of the sample IC actually come with it preloaded. Once it's loaded, assuming it's a Mook, it can take any Actions available to it in its passes. Just like any other user.

That would be the difference between low rating cracked civvy crap agents who can't get their hands on real hackware for their agents, and have to use the inefficient test because they don't know any better.


The ONLY entity in the matrix who is forced to use a more complex test to spoof their ID are AIs, and that is explicitly spelled out as a spoof test. (RC 88)
Unfortunately for your argument, Spoof tests and Software tests are not the same, but they are two distinct options, each with their benefits and drawbacks, and you're free to use either one.


Ok, just to clarify:

Spoof comes with a few different uses:

Spoofing a command to come from a different access ID (i.e. persona, with different user account privileges): This is the one that agents should be able to do easily. Also, since I believe you run several identical agents on your commlink (because they are running as programs, not connecting), you can use those many agents to spoof a large number of commands, some of which will eventually get through. At the very least you can use several commlinks to run those agents, all of which try to spoof commands for you.

Spoofing your access ID for a matrix connection (this was apparently changed in 4A, in 4E this was actually a hacking+spoof for the commlink): This is a harder one, because if you spoof your access ID online, you are instantly logged off the matrix (as per Unwired P99), as all your connections are closed. Now what happens then? A commlink/persona simply reconnects with the new access ID, and it should stay spoofed until it logs off again. Interestingly enough, spoofing your access ID online uses hacking + spoof once again, as long as it is an opposed test with an IC, as previously in 4E. So if you were to have to use the RAW literally, you would have to jam your agent's connecting (to your home node) with IC, and then let it spoof, and finally reconnect.
But using common sense (yes, yes, I know...) I would assume agents can simply spoof their access ID online using Pilot+spoof, if you tell them to. Which means that as long as an agent is running independently, you can run multiple copies with multiple access ids, all of which were spoofed by the agents themselves.

Using a proxy server: Theoretically, one copied agent running on x nodes could use x-1 proxy servers to receive x individual unique access ids, and use those to hack a system using teamwork. That's a bit more complicated, but since there is malware that sets up a proxy for you, and for some reason that is cheaper than real agents (I think), it's not such a big problem. You could also do it by hacking a few systems and use them to set up a few proxies. You lose some response though, either way, IIRC.

These things would all be simpler if the system were more consistent, i.e. if you actually added up ALL the possible influences on a test, rather than having certain things replace others.

For instance, instead of letting pilot replace skill, you should let it replace logic, and use a skill software, with an additional program for a specific task. (And use the same system for meat hackers/techos/etc.) Adjust thresholds to taste. Well...


Fortinbras
QUOTE (Brainpiercing7.62mm @ Aug 31 2011, 07:44 AM) *
Also, since I believe you run several identical agents on your commlink (because they are running as programs, not connecting)

No. Agents run a unique Access ID when running independently. If more than one of the same Access ID logs onto a node, the second one gets kicked off or deleted. You can run several on your persona, though that gets into subscription and System requirements.
QUOTE (Brainpiercing7.62mm @ Aug 31 2011, 07:44 AM) *
But using common sense (yes, yes, I know...) I would assume agents can simply spoof their access ID online using Pilot+spoof, if you tell them to. Which means that as long as an agent is running independently, you can run multiple copies with multiple access ids, all of which were spoofed by the agents themselves.

Spoofing a commlink's Access ID requires a Software or Hardware roll, something an Agent can't do. Even if you were to use the old 4E rules, that would simply change a commlink's Access ID and not the Agent's unique ID, as per Unwired.
QUOTE (Brainpiercing7.62mm @ Aug 31 2011, 07:44 AM) *
Using a proxy server: Theoretically, one copied agent running on x nodes could use x-1 proxy servers to receive x individual unique access ids, and use those to hack a system using teamwork. That's a bit more complicated, but since there is malware that sets up a proxy for you, and for some reason that is cheaper than real agents (I think), it's not such a big problem. You could also do it by hacking a few systems and use them to set up a few proxies. You lose some response though, either way, IIRC.

A proxy doesn't change your Access ID, it simply makes it harder to trace your data trail by rerouting you through another node. Thusly, Agents don't have their unique Access ID changed by a proxy server either.

You are welcome to use the old 4E rules for such things, but that is what Zarek was bemoaning. It is also what many a poor GM was bemoaning before Catalyst fixed this problem. It was a problem, but it has been fixed with a supplement and fixed better with a revision to the corebook. To complain about the inconsistency of old rules that have since been remedied is like complaining that LBJ needs to do something about this war in Vietnam.
Wiseman
Like a lot of things in Shadowrun, there are tons of ancillary and situational rules that curb abuse, but it's up to you as the GM to apply them.

Let's go over what limits agents and botnets

1) Processing power (if running on your node)
2) Subscription Limits (if running on any other node)
2b) Botnets bypass the subscription limits by grouping. That means every bot must be given the same command. This also means you can spoof the whole botnet with one command. Exactly the same as drones sharing a single subscription.
3) Agents are retards. They're not very smart, even with good scripting they tend to get hung up when faced with unexpected situations. There are rules for how "smart" an agent is based on its rating. Use this.
4) Using a cracked agent to copy over and over means they ALL have the same access ID. This means only one can be in a system at a time (since repeat access IDs are denied from the server)
5) Botnets of any size have the same access ID. This means they cannot all hack a system, or even attack it. All they can really do is spam the system (DDOS), or scan the matrix for vulnerabilities (Mass Probe) because neither requires them to actually log on a node (and every one would fail after the first). They can also assist with Data Search, but not all that much better than just having a few agents can.
6) Agents are programs and degrade, upkeep costs required
7) Botnets not only degrade as agent programs, but bots are "lost" over time per the rules for botnets. They require even more upkeep.
8) Botnets require a botnet program to command them all. This means all bots of the botnet trace back to whoever commands them. Most people use proxy servers to bypass this risk.
9) It's possible to steal a WHOLE botnet. Botnet size #120 to #0 in one combat turn...
10) Botnets have their uses, but as spelled out in Unwired, due to redundancy and limits of their programming, even mega corporations use them sparsely. They're just not super effective. More, as noted by others, any spider who notices a full scale botnet DDOS can deny the entire botnet by tweaking the access permissions to deny an access ID, a range of access IDs, or even any Access ID not already specifically allowed.

I strongly suggest you re-read the whole section on agents in SR4a and Unwired. Not that everything becomes crystal clear, but you'll begin to see the limits of bots in general and botnets in whole.

P.S. - I didn't have time to read the entire thread, but I got through about a page and half, apologies to anyone who's already noted the above and most likely explained it better than I.

Brainpiercing7.62mm
QUOTE (Fortinbras @ Aug 31 2011, 07:23 AM) *
In order for an Agent to change its Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.


Since agents running independently have their own set of matrix attributes (derived off the node they are running on just as a persona's are by the commlink employed by the user), and have their own icons, I don't see them as any different than "personas" in any identifiable way. Their pilot acts as the controlling instance (the skills), and everything else is matrix attributes, derived off hardware and software, the same as any matrix user.

Of course, they are still programs, running on certain processing power (the response rating of the node they are running on). Before they can run independently, they have to be started up on some sort of computer, which I would say can also be the commlink of the matrix user himself, they are just not integrated into his persona, they are running on his node (his commlink has to be its own node, too, or else you could never hack one). They can then be transferred to other nodes, or move on their own. They then use the response of the other node.

On P99 of Unwired, it says this bit:
QUOTE
Spoofing a Datatrail Online
Since nodes require an access ID before they will allow a connection, it is important to spoof your datatrail (if you are so inclined) before you actually access other nodes. Once you have logged onto other nodes, a change in access ID will automatically close your connection to other nodes—after all, you are no longer who you said you were. Under some circumstances, this may be an expedient way of closing multiple connections. For example, if you are under attack by Black IC in another node, you can try to spoof your datatrail in order to change your access ID and log off that node. If the Black IC is jamming your connection, however, this will require an Opposed Test pitting your Hacking + Spoofing versus the Black IC rating + Response.
You can also use this trick to try and avert a direct trace. If someone is using Track to trace you, you can spoof your datatrail and change your access ID as normal. While this will sever all of your connections, it means that the Track will only be able to trace you to the nearest node that your connection happened to have been routed through. The tracking hacker can still acquire your old access ID, but will not be able to pinpoint your exact physical location—though he will know that you are close to that nearest node.


Now to me this means that there is still the possibility of using Hacking+Spoof to change an access ID, or else you would never be able to do that opposed test. And Agents are allowed to use their Pilot rating in place of the hacking skill. Now the question is what will happen to an agent that tries this? Will its process be killed, or will it just be logged off the node, and have to reconnect? I could argue that I can program my commlink to not kill the process when the agent that is running on my node (but not my persona) changes its access ID, and then let it reconnect to the node, in which case I now have an agent running on my node with a new access ID.

Of course, if you argue that its process is automatically killed, well, that's that then. However, I have another option, and that is multiple commlinks:

Each commlink is a new Persona, because the commlink determines my matrix attributes. So now I get a bunch of additional commlinks, and load up my identical copied agents (which are more expensive than the commlinks) into each commlink's persona. Then I spoof each commlink's access ID with a very quick test, and end up having several agents which are no longer identical, because each is running in a separate persona with a new access ID. These I can then use as I wish.

QUOTE
In terms of worms and Teamwork tests, unless I'm very much mistaken, Agents needn't be in the same node to assist each other with things like data searching or trying to access the same node for a DDoS if they are loaded onto different nodes, they just need to be able to communicate with one another.

They can't assist each other with hacking or cybercombat, because that would require them to be on the same node, which can't be done because they share an Access ID. They can, while on different nodes, all call the same number at the same time, creating a DDoS. More than one won't be allowed on the node, but the access requests are what clogs the system. No contradiction that I can see.
Nor can I really see a problem with worms having the same access ID. As long as they all infect different nodes, how is that a problem?


Ok, I'm with you there.

QUOTE
It's easy to say that Agents should be able to duplicate themselves ad infinitum to represent computers as we know them, but that creates the Agent Smith scenario and makes the Matrix unplayable.
And don't forget that computers as we know them were crashed for being too slow and archaic. To complain about the difference between the Matrix and modern computing is like complaining that the Internet could never work because no one could keep track of all the punch cards. It's a vastly complex system explained as best it can in gaming terms.
Wibbly Wobbly, Timey Wimey. This is my Matrix machine. It goes ding when there's stuff. Just go with it.


The trouble is that the writers didn't just replace computers as we know them with a new magical computer matrix. They tried to extrapolate from what there is, and hence, people think things should still work as we know them. It's really an "it doesn't say I can't" problem, because people can create possibilities both from rule loopholes, as well as demanding that things work the way they think they should, because the options aren't clearly defined.
hobgoblin
Earlier editions tried more closely to mirror the computers found in Neuromancer and later (funny, given that the author borders on a technophobe), but got decried by the IT-geeks of the crowd. With SR4 the person responsible for the matrix chapter used crash 2.0 as an opportunity to move things closer to real life. Out goes gray IC, in goes AR, end result is that the in your face threat of hacking/decking has gone away (unless you're a TM or AI).
Dumpshock Forums © 2001-2012