Stealth, scanners and code gates [GUIDE]

Best strategies of building your network
User avatar
Fluffington
Posts: 104
Joined: Thu Sep 29, 2016 6:16 am
Location: Join the Hackers discord https://discord.gg/qquYZ6H

Stealth, scanners and code gates [GUIDE]

Postby Fluffington » Sun Nov 06, 2016 9:12 am

Introduction

One of the main concepts I love about hackers is the stealth mode. This mode allows you do steal resources, disable nodes, and even make a backdoor entry in the network before the network even realises you are there.

Of course, as defenders, we want to keep these stealthy hackers out of our network. But first, we have to learn how to use stealth and what the offensive programs do.

"Attack is the secret of defence. Defence is the planning of an attack." Sun Tzu

Note: This is NOT a stealth attacking guide. I am only covering what is needed to understand how to defend against it. I will NOT be covering stealth attack strategies

Stealth hack

If you have attacked ANY network before, you will know there is a preparation setup time for you to scout/plan your brute force attack. A stealth hack commences when you install an Access program and ends before the brute force attack starts (sentries start spreading anti-virus)

Here is an example of a stealth hack:
Image
This is before the stealth hack begins. See how at the top, I am still in setup mode (0:19 left)
I then install an Access program on the netConnection

Image
I then start placing more Access programs and start to move along the base. See how at the top it turns to "Access mode -:--" This means that I am doing a stealth attack.

In the picture above, if you are not familiar to stealth attacks, there will be a few things that are a bit new. I'll go through them.

Visibility bar

First thing you might notice is the long bar above the program selection. This is called a visibility bar. When the stealth attack starts, the visibility bar starts at 0:
Image

And ends at 3600:
Image

This is essentially a timer. Once the bar reaches 3600, the stealth attack is over. The attacker can not put any more Access, Data leeches, Wraiths, or Portals.

Note: Data leeches can still be installed on infected nodes in brute force mode to speed up downloads

This visibility bar/timer increases at a rate of 20 visibility per second. This means that the little number in the middle of the visibility bar increases at a passive rate at 20 per second. This is often referred to as visibility passive or passive rate of detection. (Credits to Candourlight and LadTy)

By placing stealth programs (Access, Data leeches, Wraiths, and Portals), this increases the bar by a certain amount depending on the program used.

Stealth programs

Again, before we start into defending, we need to know what each stealth program can do.

Access
"An essential program for stealth hacking. Access opens connection to neighbor nodes and allows you to install the Data Leech, Portal and Wraith programs without raising an alarm immediately."

Access programs allow you to "reach out to other nodes". This is hard to explain without pictures, so here are some diagrams.

Here is a network of nodes with the circles as nodes.
Image

An Access program is installed on the first node:
Image

This Access program allows other programs to be installed on the two yellow nodes.
Image

So now the yellow nodes are accessible. Then I can put another Access program to gain access to the last node:
Image

I could put ANY stealth program on the nodes that were yellow or red.

So essentially, the Access program opens up links to neighbouring nodes allowing for more stealth programs to be installed.

Visibility
Level 1 Access programs have a visibility of 162v/s and installation time of 1 second. This means that when installing an Access program, the visibility bar raises by 162v + the 20v passive. So in total, installing one Access program will raise the bar by 182v.

This number will be really important to understanding how scanners work later.

Data leech
"This greedy malware speeds up the downloading of money, B-coins and Core databases. May be used even in stealth mode on nodes you have access to."

Oh this is probably every farmer's favourite program. This can be used in both stealth attacks - on "accessed" nodes, and brute force attacks - on infected nodes.

Data leeches can seriously drain resources and as a defender, that's something you don't want as resources are one of the things you want to protect. Same goes for the core as stealth attackers can "snipe" your core for some free and easy reputation.

When the stealth attack is over (visibility bar reaches 3600), all Data leeches will be deleted but all stolen resources will be kept.

Visibility
Level 1 Data leeches have a visibility of 28v/s and the installation time of 1 second. Unlike the Access program, the Data leeches will keep adding 28v + 20v passive to the bar when it is active on the node (downloading resources) after the initial 28v + 20v passive of installation time. This means that installing one Data leech will raise the bar by 48v + (active/download time in seconds) x 48v.

Wraith
"Wraith silently disables the functionality of a node accessed by the Access program. Use Wraith to remove the largest threats on a target network."

Wraith is a stealth program that disables nodes - permanently. This includes taking down code gate "shields" like this:
Image

You may also notice the code gate has a faint purple glow. This means that the node has been Wraith'ed and disabled. When a node is disabled, it is like a node that is being upgraded/built by a thread, meaning that they will not spread antivirus to neighbour nodes. They can still receive antivirus though.

Like the Data leech, the Wraith can be installed on "accessed" nodes. But they cannot be installed when using a brute force attack.

Visibility
Level 1 Wraiths have a visibility of 135v/s and the installation time of 2 seconds. This means that for it to install, it will take up (135v + 20v) x 2 -> 310v

Portal
"Make a back door connection in stealth mode with the Portal program. A node with Portal installed becomes red. You may start your brute force attack from there."

Portals, once installed on a node, makes that node essentially a netConnection. Note that the node is not invulnerable like the netConnection and the number of program slots available depends on the node itself. E.g Portal on a Black ICE will have 5 program slots and Portal on evolver will have 3 program slots.

Here's an example of a Portal being installed:

First, I access my way to the Black ICE. It's red, so that means it has been "accessed"
Image

The portal starts installing:
Image

The portal finishes installing. Notice how the Black ICE is now completely red compared to before it had the Portal.
Image

Now I can start the brute force attack from the Black ICE (like a netConnection) and the stealth attack is over:
Image

Visibility
Level 1 Portals have a visibility of 55v/s and has an installation time of 6 seconds. This means that for it to install, it will take up (55v + 20v) x 6 -> 450v

Stealth defence

Now that we have learnt how the programs work, we have an idea of how to defend against them. There are a few methods that revolve around the idea of increasing the visibility bar faster. Most of them use the scanner and code gates to do this with some positioning methods.

The discord group and I thought up a couple of methods to decrease the amount of stealth programs installed by raising the visibility bar faster.

1
Firstly, get and upgrade a scanner.
Image

Recommended level is level 8+ (core 7 required). This does sound like a massive trek but it is well worth it. I've heard that people are saying that in order to defend against stealth attacks, you need to get a good scanner and that cost credits. Not true. All it takes is about 3 days of vulnerability and then you are safe for a long time.

I had to go through 3 days without a scanner as I was upgrading mine from 5 to 8 and everyone was using stealth against me because I was so vulnerable. But it's well worth it.

Image
Looks f*cking sexy too

Just over a night, this is what a level 8 scanner can do. No one got any major loot because they couldn't get to my resources using stealth:
Image
Image

Essentially, what a scanner does is, when it detects activity, like someone installing an Access program, it multiplies that activity's visibility while it's active.

For example, we can use the stats from the Access program:
Fluffington wrote:Level 1 Access programs have a visibility of 162v/s and installation time of 1 second. This means that when installing an Access program, the visibility bar raises by 162v + the 20v passive. So in total, installing one Access program will raise the bar by 182v.

And a level 1 scanner has a 120% sensitivity or a multiplier. So when the Access program is installed in range of the scanner (3 nodes away) like this:
Image
... The multiplier (120%) will activate.

That means that the Access program installation visibility cost is not 182v anymore. It's
[(162v x 120%) + 20v] x 1 second -> 214.4v
Note: Scanner does not affect passive visibility

That's an extra 32.4v per Access program installed added to your bar!
--------------------------------------------------------------------------------------------------------------------------------------------

Once you get a level 8 scanner though, you can really see the difference it makes. With a 220% multiplier, that's more than double visibility for each stealth program installed!

Using our Access program example again, when the Access program is in range of the level 8 scanner, the difference can be seen.

[(162v x 220%) + 20v] x 1 second -> 376.4v

That's an extra 194.4v per Access program installed added to your bar!

Let's put that into hacking context. A typical network has the furthest node 9 nodes away. That's 9 Access programs to get to the back (most likely where your resources/core are).

If all 9 Access programs were in range of the scanner, the 9 Access programs will use up
376.4 x 9 visibility -> 3387.6v

That's 94% of the 3600 visibility bar "wasted" on trying to get to the back of your base. I'll be honest and say that even I'm surprised at this maths. 94%, and it doesn't even take into account time sloppy attackers waste and other stealth programs being used.

TL;DR of point 1: Upgrade your scanner to level 8+

2.1
Place the scanner 3 nodes away from the nearest netConnection like this:
Image

This reason for this is so that when the stealth attacker starts the stealth hack, the scanner gets activated immediately and the multiplier can get to work.

Here's another example of placing the scanner 3 nodes in front of the nearest netConnection:
Image

2.2
For those people with two scanners, leave one un-upgraded at level 1. This will be used as a choke point. The other one should be towards the back for maximum coverage.

Here's a diagram explaining what I mean.
Image

As you can see, the weaker scanner covers the front 1/3 of the base while the stronger scanner covers the back 2/3. Just remember that if two scanners detect the same activity, only the stronger one will activate. So effectively, the weaker scanner really only covers two nodes.

Here's an example of a base using two scanners:
Image
(Thanks Candourlight for letting me use your network!)

As you can see, Candour uses the weaker scanner at the front as a choke point and the stronger scanner at the back to defend against stealth.

3.1
Use code gates to the maximum potential.

Code gate filters make it harder to put Access programs on them. With a level 1 code gate, it has a filter of 75%. This makes Access programs install 4x longer (4 seconds) raising the visibility bar even higher. With a level 6 code gate, it has a filter of 80%, making the Access programs install 5x longer (5 seconds).

Image

However, Wraiths can disable the code gate and completely ignore the filter. This means that the Wraith will always disable the code gate, the shield and the filter in 2 seconds. This 2 seconds will not be affected by anything like the filter.

In higher levels (20+), people will start to use Wraith and Access combos. They will disable your code gate, and then place the Access program and continue on into your base.
This does reduce the visibility for the attacker.

Option 1: Put Access program on a level 6 code gate (80% filter)
182v x 5 seconds = 900v

Option 2: Put Wraith on level 6 code gate then install Access to continue on
310v + 182v = 492v

But, not all hope is lost. Wraiths are not the end of the world for defending against stealth. Remember that they still have a visibility of 310v.
Fluffington wrote:Visibility
Level 1 Wraiths have a visibility of 135v/s and the installation time of 2 seconds. This means that for it to install, it will take up (135v + 20v) x 2 -> 310v

The attacker is essentially forced to Wraith the gate before moving on. That means, that's 310v to play with. What do you play it with? The scanner of course!

Let's bring our level 8 scanner back into the examples with a sensitivity of 220%. This time we will use level 1 code gates (75% filter) to calculate things. If the attacker tried to put a Wraith and an Access on...

Code gate out of range of scanner:
310v + 182v = 492v

Code gate in range of scanner:
(310v + 182v) x 220% = 1082.4v

That's a 590.4v increase!

So essentially, for each code gate next to a (level 8) scanner, it takes up 1082.4 visibility. With 2 code gates, that's 2164.8 visibility. Two nodes, and 60% of the attacker's visibility is used up.

3.2
That being said, make sure you don't split up your code gates. You want the attacker to get through 2 code gates instead of one.

Here's two diagrams to better explain it.

A "split" code gate setup:
Image

A "linear" code gate setup:
Image

4
Split up your resources. That way hackers need to access through more nodes. Again this is difficult to explain with words. So here are some more paint.net diagrams.

Blue nodes are resources.
Example of what not to do:
Image

With one Access, they can reach both of your resources
Image

Example of what to do:
Image

They need 3 Access to reach both your resources
Image
Image
Image

Again, we can take a look at Candour's network. Especially in the back section.
Image

This is a perfect example of what to do and what not to do. The code gate perfectly splits the resources up so that the attacker has to use two Access programs to get to the other branches.

But the bad part is that once the attacker reaches the database and server farm on either side, he can just use once Access to get to 3 different resources.

TL;DR section

That was one hell of a long post, so I'll summarise the defence points.

1. Buy and upgrade a scanner (lvl 8+ recommended)
2.1. Place the scanner 3 nodes away from the nearest netConnection
2.2. If two scanners, leave one un-upgraded at level 1. The other one should be towards the back for maximum coverage
3.1. Use code gates to the maximum potential
3.2. Don't "split" up your code gates
4. Split up your resources

Special thanks

Thanks to Candourlight for letting me use and abuse his base. He also helped give some tips on 2.2, 3.2 and 4
Thanks to LadTy for some general tips on Stealth attacks
Thanks to Nessimon for letting me hack him :P
Thanks to the discord group for encouraging me to make this guide.
Image
Username: Fluffington
Level: 3 (25/6/17) Yes I restarted
Core: 2 (25/6/17)
Country: Australia

User avatar
90skushkid
Posts: 107
Joined: Mon Oct 17, 2016 5:04 pm
Location: Cloud 9

Re: Stealth, scanners and code gates [GUIDE]

Postby 90skushkid » Wed Nov 09, 2016 8:57 pm

dopeeeeeeeeeee thread fluff. neva disappointed. :ugeek: :mrgreen: :mrgreen:
Image
IGN - 90skushkid
Lvl 29
Core 7
REP 500-600
IP - south florida.

"Smoke That Kush!" "Smokin in my Wraith, Drinkin on some Worms"
:mrgreen: :roll: :mrgreen:

4hmeth
Posts: 9
Joined: Wed Oct 26, 2016 3:22 am

Re: Stealth, scanners and code gates [GUIDE]

Postby 4hmeth » Fri Nov 11, 2016 11:59 pm

All hails!

GeneralSeay
Posts: 21
Joined: Thu Nov 10, 2016 12:39 am

Re: Stealth, scanners and code gates [GUIDE]

Postby GeneralSeay » Wed Nov 16, 2016 8:34 pm

I've got some questions regarding placement of code gates and scanners. If I only have 1 maxed out scanner (my other one is level 1) and I want to keep it overlooking my code gates should I put it and my code gates up front or in the back? Scanner and code gates up front would better defend against hybrid attacks that involved using wraiths on my security nodes but would allow any hackers a shot at an easy resource heist if they got past my scanner silently enough. Scanner and code gates in the back would hinder a portal attack but wouldn't do anything to stop wraiths from taking out my security nodes and then brute forcing from the front. Another thing to factor into this, if I place my code gates up front then antivirus won't reach them until it's too late and I know ensuring that antivirus reaches my code gates isn't a the highest priority but it would do some good for the times when I get brute forced by mass beam cannons.

friv17
Posts: 12
Joined: Tue Oct 25, 2016 8:18 pm

Re: Stealth, scanners and code gates [GUIDE]

Postby friv17 » Mon Nov 28, 2016 4:19 am

Excelent post.
You should make youtube videos =)

TUMAS
Posts: 28
Joined: Wed Nov 30, 2016 3:32 pm

Re: Stealth, scanners and code gates [GUIDE]

Postby TUMAS » Wed Nov 30, 2016 3:54 pm

IMG_4660.JPG
IMG_4660.JPG (113.24 KiB) Viewed 7990 times
Hi all,

First of all kudos on the content!

I'' having an issue with my network.. i am getting too many attacks via stealth..

Can I have your opinions on my network setup?

First scanner is default and the other one is being upgraded to level 8

User avatar
Silken
Posts: 277
Joined: Sat Oct 01, 2016 10:53 am

Re: Stealth, scanners and code gates [GUIDE]

Postby Silken » Wed Nov 30, 2016 4:10 pm

TUMAS wrote:IMG_4660.JPGHi all,

First of all kudos on the content!

I'' having an issue with my network.. i am getting too many attacks via stealth..

Can I have your opinions on my network setup?

First scanner is default and the other one is being upgraded to level 8


Your choke is weakened because you have a scanner going to a scanner. That choke should really be two Turrets and one black ice.

I would move your high scanner and have it hanging from your second code gate. I would also move your Core, if you want to protect your rep that's fine. But have it hang off your second code gate as well.

Your guardians are wasted as well. Either use them as a choke. Or use their shield on your defence.
Silken
Level - 54
Reputation Status Update - Farming is Dead :o

TUMAS
Posts: 28
Joined: Wed Nov 30, 2016 3:32 pm

Re: Stealth, scanners and code gates [GUIDE]

Postby TUMAS » Wed Nov 30, 2016 5:13 pm

Is this somewhere better? The core is there to keep rep up
Attachments
IMG_4663.JPG
Is this something. Etter?
IMG_4663.JPG (132.32 KiB) Viewed 7979 times

SxSnipeR
Posts: 46
Joined: Wed Nov 30, 2016 12:56 pm

Re: Stealth, scanners and code gates [GUIDE]

Postby SxSnipeR » Wed Nov 30, 2016 5:30 pm

In my opinion, put that upgrading scanner on your guardian near the core and you're sorted. That network looks horrible to come up against.

TUMAS
Posts: 28
Joined: Wed Nov 30, 2016 3:32 pm

Re: Stealth, scanners and code gates [GUIDE]

Postby TUMAS » Wed Nov 30, 2016 5:49 pm

Would putting the scanner next to the gurdian reduce the stealth attacks? Isnt it too far?


Who is online

Users browsing this forum: No registered users and 3 guests