Full Version: Unwired: VPN and Botnet Software
BlackJaw
My hacker PC is looking to set up his own Botnet. The trouble is, aside from the costs for buying/renting botnets, I don't see the prices for Botnet software (which the book says the agents need to run in order to use the net instead of connections).

Similarly, it talks about VPN (Virtual Private Network) software, but it doesn't give any price/rules for that either.

Can I just consider each of these a Rating-less (IE: Rating 1) Hacker app? Is it in an Errata or FAQ? Am I bringing up a past flamewar here on the boards?
Falconer
I'm staying away from the botnet bit...

But essentially you form a VPN by running encryption software on each node you want connected to it and then subscribing another node running encryption to it. Get a few of them together in a mesh and you have a private network... until someone busts your encryption. That's how I'd suggest you handle it. The rules on how to run encryption and break it are already well understood, and a VPN should have quality grades (poor for poor encryption to great for high-level encryption).
BishopMcQ
Alternately, you could run the VPN as a Common-Use program, that each node connected to the VPN must run. It functions as a Passkey system, but uses the software instead of a hardware passkey.
hobgoblin
QUOTE (BlackJaw @ Nov 12 2011, 07:47 PM)
Can I just consider each of these a Rating-less (IE: Rating 1) Hacker app? Is it in an Errata or FAQ? Am I bringing up a past flamewar here on the boards?

Rating-less would be much the same as the AR software in the main book.

As such, a botnet would be a bunch of unrestricted agents tasked with locating suitable hosts and installing a copy of themselves that connect back to the VPN that acts as a command central for the botnet.

As such, they likely behave pretty much like Worm type malware but outside any of the predefined forms found there.

So in essence, you need an unrestricted agent with Stealth, Exploit, Replicate and Encrypt as its rated payload and an unrated VPN program (real-life botnets often use something as "seasoned" as IRC). Stealth to keep hidden, Exploit to gain access, Replicate to copy itself and Encrypt to at least keep casual onlookers out of the VPN. Other software can be deployed later via the VPN once it has been cracked, depending on what task one wants the botnet to perform.

Once that is spec'd out, run it as a mass probe. Note that once one has enough agents seeded that their bonus equals the hacking skill of the operator, there is not much more benefit to be had.
BlackJaw
QUOTE (hobgoblin @ Nov 12 2011, 02:58 PM)
Once that is spec'd out, run it as a mass probe. Note that once one has enough agents seeded that their bonus equals the hacking skill of the operator, there is not much more benefit to be had.
Distributed Denial of Service attacks require a lot of bots per point of Signal and System the target node has. 100+ bots will serve very well for such attacks, although they are the Hacker equivalent of calling in an artillery strike and can end up drawing a lot of attention toward your botnet if used on a target with the resources to track down the botnet. Still, being able to reduce a target node to a screeching halt with essentially a single command is very potent.

Let's see... vs a System 6, Response 6 target you would need... 144 bots. To take on something more potent, like a skilled hacker's rig... or military-grade hardware... well, 200 or more might be needed. I could see the usefulness capping out at around 400+, which would be enough to take down even a high-quality military-grade node.

Edited: It's System x Response x 4. No signal in the calculation so I removed comments about it.
hobgoblin
Except I wonder how often a team hacker will have use for running a DDoS. Sometimes I wonder if part of the Unwired rules were written simply to have a stack of paper to slap Trollman about with...
BlackJaw
I actually don't think I'll have trouble coming up with use for it.

As a simple action, I'll be able to render a node useless ("response 0, freezing all activity on the node") without having to drop into VR or hack it first. All I have to do is spot it and then inform a reasonable portion of my botnet to smash it. I think that might be useful vs a wide range of targets.

The problem with it is the lack of subtlety. You're making a lot of (digital) noise smashing a single node, but I think it will be effective when used where subtlety isn't needed: enemy vehicles you want stopped right now, smartlinked guns being used by people too foolish to use skinlinks, an enemy squad's tactical net with a central node (instead of distributed), etc. If shit's hit the fan and guns are drawn, why not smash a target's node? That I can do it from AR actually makes it a viable option in a shoot-out: and yes, I'm the on-site kind of hacker that has to help out in gun fights and car chases from time to time.

Of course I'm not so keen on using it vs corp assets because it will draw attention to the botnet, which they may have the resources to handle. I might be able to get away with crashing a corp hit squad's car or gun, but not the node for their research park, or base security checkpoint. And of course, those nodes not directly on the wireless matrix are immune.
hobgoblin
Hmm, point taken. The idea of DDoSing a person's PAN in a fight has a certain appeal. Now I need to go back and refresh myself on the specifics, as I wonder how a rigger would deal with having his node taken out that way in the middle of a chase.
Yerameyahu
In order to use DDOS, you still have to actually get in first, right? If the node isn't accepting connections, they can't do anything. So, it's not quite a simple action. If the rules don't say this, surely they're wrong rules? … I see the rules take the crappy way out, and simply say "Second, it can try to block access from botnet access IDs or attempt to filter out all flooding traffic. The success of these latter options is largely up to the gamemaster’s discretion." Ugh. I don't see why any sensitive node wouldn't just have a whitelist, though.
Tech_Rat
QUOTE (Yerameyahu @ Nov 14 2011, 10:13 PM)
In order to use DDOS, you still have to actually get in first, right? If the node isn't accepting connections, it can't do anything. So, it's not quite a simple action. If the rules don't say this, surely they're wrong rules?

As long as it will acknowledge a connection has been attempted, even if it refuses to establish, that's all you need to DDoS someone. That, and a crap ton of resources and pings/ms. So long as the system doesn't have a multi-server redundancy setup, it doesn't take much. You can lock down the average high school/university network with 2-5 mid-high range computers, the IP address of the school's main router, and a few well-written scripts.

EDIT1: This is current real tech and knowledge.

EDIT2: I did not do this...
Yerameyahu
I don't see why it would do that, though. Just only acknowledge whitelisted Access IDs, or hell, just cap the number of connections, period. You'd have to want to be hacked. Presumably, this is yet another mismatch between the abstract, intentionally unrealistic game world, and the impulse to include non-abstract elements from reality.
Manunancy
QUOTE (Yerameyahu @ Nov 15 2011, 04:25 AM)
I don't see why it would do that, though. Just only acknowledge whitelisted Access IDs, or hell, just cap the number of connections, period. You'd have to want to be hacked. Presumably, this is yet another mismatch between the abstract, intentionally unrealistic game world, and the impulse to include non-abstract elements from reality.

Even with that you can get a DoS: the targeted node needs some time and processing power to check the incoming call against its whitelisted addresses. Pour in enough bogus connections and the checking software will end up saturated, preventing a legit user from making himself known.

Complement: the whitelist/subscription limit will prevent the node from crashing, but if you can't access it, it won't do much good. Enough bogus connections may even do a matrix equivalent of clogging the intake pipe and prevent an already connected user from communicating with the node, even if what he already has running will keep going.
Yerameyahu
While I agree that is one (and probably the normal) scenario, it seems possible for the traffic to be handled in other ways, including being 'functionally offline' once the legit connection(s) are established. Access ID spoofing would still work, of course. It also seems weird that Processor Limit doesn't really have an effect (which means that a nexus… is no better at being a high-traffic server. Huh?).

On the contrary, the difference between a frozen node and an offline node is huge, and it's applicable to the tricks mentioned above.

The alternative is anyone with a pretty cheap collection of nodes being able to do anything they want, as people described above.
BlackJaw
QUOTE (Yerameyahu @ Nov 15 2011, 04:53 AM)
While I agree that is one (and probably the normal) scenario, it seems possible for the traffic to be handled in other ways, including being 'functionally offline' once the legit connection(s) are established. Access ID spoofing would still work, of course. It also seems weird that Processor Limit doesn't really have an effect (which means that a nexus… is no better at being a high-traffic server. Huh?).

On the contrary, the difference between a frozen node and an offline node is huge, and it's applicable to the tricks mentioned above.

The alternative is anyone with a pretty cheap collection of nodes being able to do anything they want, as people described above.

Now that you mention it, "being 'functionally offline' once the legit connection(s) are established" sounds a lot like Hidden Mode.

What about making a DDoS only really viable vs Active and Passive nodes, but not viable vs Hidden nodes? It also makes switching a node into Hidden a way to defend yourself vs it... although if you're a Matrix business site, Hidden mode means no business, hence they are the most vulnerable.

It would also mean that hacking a Hidden node to change its status or to "add the botnet to the whitelist" would also make it vulnerable to attack, which seems reasonable.
Yerameyahu
Makes sense to me.