Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: shirogr@*****.com (Shiro BsquLadat)
Subject: Security deckers and the locate decket operation
Date: Thu, 17 Mar 2005 13:18:29 -0800 (PST)
I have a little problem with a player of mine over the
matrix and I would like your help.The situation is
this:
He broke into The Lone Star host in search for a file
and triggered a security decker due to his tally.Now
the question is this:does the security decker know
automaticaly where the invader is or does he have to
perform a Locate Decker operation?
If he has to perfom one to find the Decker and engage
him, then the rules say that he must make a system
operation (which he succeeds automaticaly) and then
make a Sensor test with a TNÞcker's
Masking+Sleaze.Now, the average decker with a deck of
7 or 8 will have a TN or 16, making the whole point
mute 9 times out of 10.So a security decker has the
same usefullness in a system as the vending machine
down the corner with these rules.
How do you handle this?
Just for the record, I let them make the operation but
they get to use their Lock-on utility to reduce the TN
on this particular sensor test.In the case I describe
above, the sec-Decker kicked the Player's butt back to
the stone age (the player had a stealthy deck, no
attack utilities and he falled the evasion maneuver).


"I have no use for people who have learned the limits of the possible"
-Terry Pratchet, The Last Hero

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Message no. 2
From: loneeagle@********.co.uk (Lone Eagle)
Subject: Security deckers and the locate decket operation
Date: Thu, 17 Mar 2005 22:44:33 +0000
At 09:18 PM 3/17/2005, Shiro wrote:
>I have a little problem with a player of mine over the
>matrix and I would like your help.The situation is
>this:<Snip>
>make a Sensor test with a TNÞcker's
>Masking+Sleaze.Now, the average decker with a deck of
>7 or 8 will have a TN or 16, making the whole point
>mute 9 times out of 10.So a security decker has the
>same usefullness in a system as the vending machine
>down the corner with these rules.
>How do you handle this?

For a start I allow the decker to complete that turn's worth of actions,
including dealing with any IC that's around while the security decker jacks
in (I rule that security deckers aren't online all of the time, the
problems of jack itch...etc mean that while they monitor the system on and
off and probably via VDU between times they're unlikely to be jacked in at
any given moment).
They then make the test, using their scanner utility as normal - and don't
locate the infiltrating decker until they succeed (they're pulling up lists
of operations and checking off those which are verified as being performed
by authorised personnel, running their SOPs and generally doing all the
same sort of stuff as the poor ol' decker had to do to find what he's after
(and probably what racked up his security tally)).
On occasion (and only after I found out that the IT department at work do
the same thing at lunch times) I have annoyed the infiltrating decker in
the process by cutting the system bandwidth (thereby limiting the amount of
processing power he can bring to bear, my on the fly ruling (which has
stuck) was that it downrated the system (the reduced bandwidth caused the
IC problems as well) by one step (red to orange, green to blue) but also
limited the rating of the utilities and programs (including persona
programs) that the decker can use to half the system rating (the numerical
part) or they would suffer major lag and rack up more security tally -
making it even easier to kick him back to the stone age.

Maybe I'm easy on deckers, I don't know...


--
Lone Eagle
"Hold up lads, I got an idea."

www.wyrmtalk.co.uk - Please be patient, this site is under construction

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GE d++(---) s++: a->? C++(+) US++ P! L E? W++ N o? K? w+ O! M- V? PS+ PE-()
Y PGP? t+@ 5++ X- R+>+++$>* tv b+++ DI++++ D+ G++ e+ h r* y+>+++++
-----END GEEK CODE BLOCK-----

GCC0.2: y75>?.uk[NN] G87 S@:@@[SR] B+++ f+ RM(RR) rm++ rr++ l++(--) m- w
s+(+++) GM+++(-) A GS+(-) h++ LA+++ CG--- F c+
Message no. 3
From: nightgyr@*********.com.au (Smoke)
Subject: Security deckers and the locate decket operation
Date: Fri, 18 Mar 2005 10:12:44 +1100
> Just for the record, I let them make the operation but
> they get to use their Lock-on utility to reduce the TN
> on this particular sensor test.In the case I describe
> above, the sec-Decker kicked the Player's butt back to
> the stone age (the player had a stealthy deck, no
> attack utilities and he falled the evasion maneuver).

Speaking as someone who used to be a modern day security decker for a living
(as part of my old job) I can tell you right now that on a large system it
is bloody near impossible to find an intruder who is covering their tracks
properly. Ive done it once and immensely enjoyed the Ive-browned-my-pants
look that every single manager within earshot had, both in my company and
the company whose system I was monitoring. That guy was no slouch, but once
you know where they are the tables turn and the security decker will have no
trouble chasing the intruder around the system - or even back out to his
"home".

I only wish I could have seen the hackers face too....

In the game, I wouldnt make it any harder on the poor deckers under the
standard rules anyhow. Tally racks up far too quickly for a game, even if it
would be realistic'ish. No need IMHO to let security deckers get an
unrealistic boost in their ability to find the decker.

Also, remember that if you allow lock-on to work then you should by rights
allow the cloak utility to counteract it.

Smoke
Message no. 4
From: scott@**********.com (Scott Harrison)
Subject: Security deckers and the locate decket operation
Date: Fri, 18 Mar 2005 14:16:30 +0100
On Mar 17, 2005, at 22:18, Shiro BsquLadat wrote:

> I have a little problem with a player of mine over the
> matrix and I would like your help.The situation is
> this:
> He broke into The Lone Star host in search for a file
> and triggered a security decker due to his tally.Now
> the question is this:does the security decker know
> automaticaly where the invader is or does he have to
> perform a Locate Decker operation?
> If he has to perfom one to find the Decker and engage
> him, then the rules say that he must make a system
> operation (which he succeeds automaticaly) and then
> make a Sensor test with a TN=Decker's
> Masking+Sleaze.Now, the average decker with a deck of
> 7 or 8 will have a TN=14 or 16, making the whole point
> mute 9 times out of 10.So a security decker has the
> same usefullness in a system as the vending machine
> down the corner with these rules.
> How do you handle this?
> Just for the record, I let them make the operation but
> they get to use their Lock-on utility to reduce the TN
> on this particular sensor test.In the case I describe
> above, the sec-Decker kicked the Player's butt back to
> the stone age (the player had a stealthy deck, no
> attack utilities and he falled the evasion maneuver).
>
>
I would assume as the security decker tries and tries to find the
invading decker he may be sweating a bit as his bosses become aware
that he is not doing his job, and perhaps he'll put a little of his
karma into his rolls.

I would probably say that any more points on the invader decker's
security tally that are gained AFTER the security decker is called
could be used to make the TN easier to find the invading decker since
the security decker probably has the system record where problems occur
from that point on.

--
·𐑕𐑒𐑪𐑑
·𐑣𐑺𐑦𐑕𐑩𐑯 Scott
Harrison PGP Key ID: 0x0f0b5b86
Message no. 5
From: shirogr@*****.com (Shiro BsquLadat)
Subject: Security deckers and the locate decket operation
Date: Fri, 18 Mar 2005 07:31:55 -0800 (PST)
Thanks for the info guys, but doesn't this make
security deckers obsolete?Why should you pay 1million
plus or maintain the GOD of the corporate court if
they cann't find an intruder when the system tells
them that one is inside?How can you trace a decker if
you cann't even find his icon?And don't forget the
Validate Account action.A decker can access a system
and then Validate a password without a sweat.So he
doesn't even have to make more than 2 or 3 test in the
system,anyway.
Oh, I also use the optional rule that you can supress
IC with dice from your Hacking pool, so DF doesn't
drop easily.

"I have no use for people who have learned the limits of the possible"
-Terry Pratchet, The Last Hero



__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
Message no. 6
From: efreeman@*****.net (efreeman)
Subject: Security deckers and the locate decket operation
Date: Fri, 18 Mar 2005 19:50:52 -0800
>I have a little problem with a player of mine over the
>matrix and I would like your help.The situation is
>this:
>He broke into The Lone Star host in search for a file
>and triggered a security decker due to his tally.Now
>the question is this:does the security decker know
>automaticaly where the invader is or does he have to
>perform a Locate Decker operation?
>If he has to perfom one to find the Decker and engage
>him, then the rules say that he must make a system
>operation (which he succeeds automaticaly) and then
>make a Sensor test with a TNÞcker's
>Masking+Sleaze.Now, the average decker with a deck of
>7 or 8 will have a TN or 16, making the whole point
>mute 9 times out of 10.So a security decker has the
>same usefullness in a system as the vending machine
>down the corner with these rules.
>How do you handle this?
>Just for the record, I let them make the operation but
>they get to use their Lock-on utility to reduce the TN
>on this particular sensor test.In the case I describe
>above, the sec-Decker kicked the Player's butt back to
>the stone age (the player had a stealthy deck, no
>attack utilities and he falled the evasion maneuver).

Snerk? Isn't detection = (Masking+Sleeze)/2 ?
That makes the test 8 or so; with masking mode + allocating pool dice to
detection you are still looking at a 12 or so. There are a bunch more
utilities that can get involved, but let's say a 12.

Now look at it this way: the security decker is rolling 4 comp skill +
4 pool dice each turn. You'd expect to have to roll 36 dice to get hit
a 12 TN. At 8 dice a turn, that's 4 or so turns to find the guy.

4 turns isn't so bad, is it?

==í
Message no. 7
From: shirogr@*****.com (Shiro BsquLadat)
Subject: Security deckers and the locate decket operation
Date: Sat, 19 Mar 2005 16:06:19 -0800 (PST)
--- efreeman <efreeman@*****.net> wrote:
> Snerk? Isn't detection = (Masking+Sleeze)/2 ?
> That makes the test 8 or so; with masking mode +
> allocating pool dice to
> detection you are still looking at a 12 or so.
> There are a bunch more
> utilities that can get involved, but let's say a 12.

The starting decker has a 6 MPCP deck and sleaze 6, so
the TN is 12 in the worst case.And what do you mean
with allocating dice to detection?

> Now look at it this way: the security decker is
> rolling 4 comp skill +
> 4 pool dice each turn. You'd expect to have to roll
> 36 dice to get hit
> a 12 TN. At 8 dice a turn, that's 4 or so turns to
> find the guy.
>
> 4 turns isn't so bad, is it?

Well, in 4 phases a half-decent decker is out of the
sustem or has Validated an account.So we are back at
the beginning.

"I have no use for people who have learned the limits of the possible"
-Terry Pratchet, The Last Hero



__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
Message no. 8
From: loneeagle@********.co.uk (Lone Eagle)
Subject: Security deckers and the locate decket operation
Date: Sun, 20 Mar 2005 10:14:31 +0000
At 03:31 PM 3/18/2005, Shiro wrote:
>Thanks for the info guys, but doesn't this make
>security deckers obsolete?Why should you pay 1million
>plus or maintain the GOD of the corporate court if
>they cann't find an intruder when the system tells
>them that one is inside?How can you trace a decker if
>you cann't even find his icon?And don't forget the
>Validate Account action.A decker can access a system
>and then Validate a password without a sweat.So he
>doesn't even have to make more than 2 or 3 test in the
>system,anyway.
>Oh, I also use the optional rule that you can supress
>IC with dice from your Hacking pool, so DF doesn't
>drop easily.

For a start they snag all the amateurs who hack in - those who aren't
running on ludicrously expensive and highly illegal cyberdecks.
They also have a lot of weapons in their arsenal, they can throw a tonne of
IC into the system, their Scanner utilities will be as good as they can
justify to the grey suited men in accounts...
Remember that some of the time they will chase down system ghosts,
legitimate users playing Paranormal Crisis (TM) when they're supposed to be
working... etc because the system tells them that something's wrong - it
isn't always a decker.
Given a half decent Computer score it should only take a few actions to
generate a success, which given response increases is a matter of seconds.
If an infiltrating decker is good enough to show on the system for only a
few seconds then...

Rememeber also - particularly if a decker relies too much on a validate
utility - that Security Deckers will often check through the accounts
lists, matching accounts to employees, deleting obsolete accounts...etc.
and should they find a decker's validated account they can tag it with a
tonne of IC, next time the decker logs on they might be surprised when half
a dozen trace IC programs race back toward their jackpoints, a psychotropic
Black rears up into their face and the system goes onto immediate Active Alert.


--
Lone Eagle
"Hold up lads, I got an idea."

www.wyrmtalk.co.uk - Please be patient, this site is under construction

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GE d++(---) s++: a->? C++(+) US++ P! L E? W++ N o? K? w+ O! M- V? PS+ PE-()
Y PGP? t+@ 5++ X- R+>+++$>* tv b+++ DI++++ D+ G++ e+ h r* y+>+++++
-----END GEEK CODE BLOCK-----

GCC0.2: y75>?.uk[NN] G87 S@:@@[SR] B+++ f+ RM(RR) rm++ rr++ l++(--) m- w
s+(+++) GM+++(-) A GS+(-) h++ LA+++ CG--- F c+

Further Reading

If you enjoyed reading about Security deckers and the locate decket operation, you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!