dnd 3.5e – Can glyph of warding be cast on a weapon or ammunition so that an attack activates the glyph?

For my money/at my table:

The Glyph of Warding spell can be cast on either an object or an area. For the object version, only “opening the warded object” is mentioned as a valid trigger. As the question points out, being hit by an arrow or a sword is definitely not the same thing as trying to open an object (heck, the object is trying to open you)!

The Arcane Archer’s Imbue Arrow ability, fortunately for would be Glyph-cheese-practitioners, isn’t using the object-targeting version of the spell. As a matter of fact, the ability specifically requires that it be used with an area spell, and then casts that spell with its area centered wherever the arrow lands.

Here’s the relevant text concerning what can trigger a Glyph:

This powerful inscription harms those who enter, pass, or open the warded area or object. A glyph of warding can guard a bridge or passage, ward a portal, trap a chest or box, and so on.

You set the conditions of the ward. Typically, any creature entering the warded area or opening the warded object without speaking a password (which you set when casting the spell) is subject to the magic it stores. Alternatively or in addition to a password trigger, glyphs can be set according to physical characteristics (such as height or weight) or creature type, subtype, or kind. Glyphs can also be set with respect to good, evil, law, or chaos, or to pass those of your religion. They cannot be set according to class, Hit Dice, or level.

I see two possible interpretations here:

  • If “You set the conditions of the ward” means that you can have it trigger off of something other than someone trying to enter the warded area, then you can simply set the ward to the creature type of whatever you’re shooting at, and it will go off as soon as it lands.
  • If that sentence only refers to replacing the password portion of the trigger, then the Glyph won’t go off immediately, but will trigger as soon as the target takes any amount of movement, since I would say moving inside the area of a Glyph of Warding constitutes “passing” the ward.

I favor the first interpretation here, because “you set the conditions of the ward” reads like a blanket statement to me, and because it’s less clunky to use, but I could definitely see a DM going either way on this.

pathfinder 2e – How does Disarming Assault interact with the Multiple Attack Penalty?

Thanks for contributing an answer to Role-playing Games Stack Exchange!

  • Please be sure to answer the question. Provide details and share your research!

But avoid …

  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.

Use MathJax to format equations. MathJax reference.

To learn more, see our tips on writing great answers.

Need help understand ARP spoofing attack?

I am currently reading the network exploitation section of the book Hacking: The art of exploitation. The book covers ARP spoofing attack in brief, but doesn’t go over much detail.

Before starting I would like to tell what kind of system/peripherals I would be using.

  • I use a System that accesses internet via Ethernet Cable. i.e. I don’t have a router, due to which I directly connect the ethernet cable to my pc (PPPOE)
  • That cable goes to the electric pole, where it is connected to a switch. That switch also acts as an endpoint for other users like me as well
  • A lot of these switches are interconnected with one another

I do have a fundamental understanding of the attack (rectify if wrong), which in brief goes as follows:-

  • Run ARP protocol to get MAC addresses of all the live hosts in the local network

  • Poison the ARP cache of hosts by sending them ARP responses (on regular interval) stating that the IP address of another system is at our mac address

  • This will make them send packets which would have our MAC address in the Data-Link layer, and would reach us

I have many doubts (some regarding the above process, others are conceptual)!!

  1. In order to execute the attack we needs to have IP address of other local hosts. Which I just can’t seem to have.

    • I ran a Windows machine and tried using Advanced IP scanner, but ended up getting IP addresses associated to my pc (VM, Ethernet, Default Gateway).
    • Tried arp -a command, ended up getting a huge list of IP addresses of which 99% were static, few were dynamic. Some of them had MAC address entries, on others which was blank.

    So, How am I supposed to get the IP addresses of other hosts?

  2. The book mentions default gateways as a target. So what exactly is a default gateways (for my setup), And how does it work?

  3. Since we can poison the ARP cache to add entries to it, Is it (asking from a security perspective) possible to create entries to addresses that aren’t local!! For Example. Let’s say we have the IP address of 192.168.1.12 having mac 00:00:00:01, and a Facebook server has IP address 10.0.0.23. Is it possible to send a ARP response i.e. it will poison the ARP cache of a local user to make it seem like the address 10.0.0.23 is at mac address 00:00:00:01. Then would the packet sent over to the Facebook IP be delivered over to us? Or would it be filtered by the router?

  4. What is the address of the first node (to me) where my data is sent over to? Like for most users it would be their router (at a basic level), but since I don’t use one, what would be the first node through which my data goes?

P.S.:- Initially I posted this question on network engineering, but it got closed over there as they thought I am trying to hack a network. Firstly, I am using the above test in a controlled environment. Secondly, the questions are related to a lot more to securing stuff then to exploiting them. All I am trying to do is get a understanding about the underlying protocols.

Bitcoin over Tor and man in the middle attack: risks mitigated yet?

This paper explains how combining Bitcoin and Tor creates an attack vector. A man in the middle can control the information flow between all users who connect over Tor. This paper is from 2014. Has this sort of risk been mitigated by new engineering yet?

bitcoin core – I have been robbed after dust attack

Dear colleagues of the crypto community!

I am Roman Frolov (Vader), a private investor and trader, was subjected to a new version of a micropayment attack (dust attack) and was robbed of about 335.84997800 bitcoins in a cold wallet via supposedly Bitcoin Core access.

Stored bitcoins in a wallet generated in Bitcoin Kore (Knot). Earlier in the year 2015 I added private keys from BitcoinHD to Knotts and then to Core. I stored the listing of keys in a document archived in 7zip with maximum security settings and a long password.

Source of funds: buying bitcoin since 2012, participating in cryptocurrency HYIP projects according to the rules, trading on exchanges, including leveraging on bullran in BTC-E in 2017, got under the closure of the exchange and after a while received 80%, to this day I trade on Bittrex Global and Kraken. Followed the law, ethics and property rights. Didn’t steal a penny.

2021-01-06 18:39:38 hackers produced multithreaded output from 12 addresses:
15hT9GMi1ThhmJts24WKG1Jm3so7bmiuW4

16BjABjMQB8wshTVhTbQUqoPfKQi7sSNRM

15D9TctYq3DvK1eDmxWfp8FWP73a1a2hEA

1Gi7qn77XqtGknJ9dUc3yRAoRFgNXBQBiW

1EAN8MxjfmRToVwsoVtfSzRz2FsCN89unX

13P1YEZjPDTpCtaqMbTbhu6VB3csu3qsZu

19DrKeLdYd47wHvbhkvccYQ4fQNycfdzhL

15hT9GMi1ThhmJts24WKG1Jm3so7bmiuW4

16BjABjMQB8wshTVhTbQUqoPfKQi7sSNRM

15D9TctYq3DvK1eDmxWfp8FWP73a1a2hEA

1Gi7qn77XqtGknJ9dUc3yRAoRFgNXBQBiW

1EAN8MxjfmRToVwsoVtfSzRz2FsCN89unX

13P1YEZjPDTpCtaqMbTbhu6VB3csu3qsZu

19DrKeLdYd47wHvbhkvccYQ4fQNycfdzhL

1JLTq3VLiU4qY1DfC7fYs4N5g45HByjE8H

1CfEuYincqgWfMGvBx8o1ysArCSMQhqM4f

12hBEaVfHGRXL4HnFjrAdoWudKhWdCPaoU

1PsKsr8hR7DBKB9q76JZwhTwD5W5QWG9Fj

19zvjxagjet8PNiCk4D7ZjWqqfoaM2qdZG

Output was made in 601 transactions starting with the output address:
bc1qxuyrx3n86nu0l5mf7wv8fzgkwn4vmeh5lqm2je 0.00291700 btc

and ending with 1B1ztXtrbnLWjMFGqSaW22DpdEWwiaoUbN 15.85027800 btc

the output went up evenly up to bc1qsx9q4cfpp33y4vxwhmr85n43zzv2qs85pr2jvw 0.97108300 BTC

and then 15.85 B1ztXtrbnLWjMFGqSaW22DpdEWwiaoUbN 15.85027800 btc

I ask everyone who is involved in currency exchange to pay attention to the withdrawal addresses from my addresses and their derivatives at 6 january 2021, and freeze their use and return to the original sender,

I hope for your justice, Roman Frolov (Vader)

dnd 3.5e – Can an Invisible Blade Full Attack with all Sneak Attacks?

As far as I can see, rogues have no limit to their number of sneak attacks. Using the bluff skill to feint can make an opponent flat-footed, but since bluff only affects your next melee attack, and it takes a standard action, a rogue can only use this method to deal sneak attack damage once per round (once every other round if they don’t have a way to attack outside their turn)

Invisible Blade from CW, however, makes feinting a free action. Does this mean that, for example, a rogue 15/IB 5 can make a full attack, feinting once before each attack, to deal sneak attack damage four or more times?

bitcoin core – How to secure a blockchain based on PoW against 51% attack?

I couldn’t find a satisfying answer to this 51% attack issue, so for a new blockchain with only 300 mined blocks, from my understanding the attacker has to rebuild all the blocks from scratch, is that true, if yes then what if the blockchain has 100k or 300k blocks? is there a way to prevent or penalize a miner if he mines too fast? does having honest miners would solve the issue? what about multiple Full nodesI need practical solutions

dnd 5e – Ranger Beast Master’s attack bonus

It would replace the animal’s proficiency bonus. So for your example, it would be +7 for now, which will increase in the future as the ranger’s proficiency increases.

My answer is based on how proficiencies work in 5e. They don’t stack, in any application, under any circumstances. And it doesn’t even make any sense for a creature to have its own proficiency and the ranger’s proficiency, and have both apply. As with pretty much every other effect in 5e, if two of the same effect apply to a situation, only one can be used. Pick the better one of the two, and that is the answer.

dnd 3.5e – How to get your first 1d6 sneak attack without class levels?

Novice Shadow Hands

Novice Shadow Hands (ToB, p. 150) grant the wearer “the use of a single (Shadow Hand) maneuver for which he meets the prerequisite.”

Tome of Battle is clear that stances are maneuvers (p. 5):

A stance is a special type of maneuver.

The prerequisites for Assassin’s Stance are one known Shadow Hand maneuver and initiator level 5.

Thus, these gloves allow you to use Assassin’s Stance to meet Sneak Attack prerequisites at level 10 (assuming no levels in ToB classes) at the cost of one feat (Martial Study for any Shadow Hand maneuver), an improvement over level 12 and two feats.

At a cost of 3000 gp, these are well within the means of a level 10 character.

Assassination weapon property

The Assassination weapon property (+1 price equivalent), from part 3 of the Cityscape web enhancements, grants the following bonus:

An assassination weapon deals an extra 1d6 points of damage against a foe who is flat-footed or otherwise denied a Dexterity bonus to AC, or who is flanked.

This damage works exactly like sneak attack damage, but is not explicitly called out as the sneak attack ability. It is explicitly stated to stack with the sneak attack ability, however, with phrasing that sorta-kinda implies that the damage from the weapon property is sneak attack damage (emphasis mine):

If the wielder deals sneak attack damage from other sources, such as levels in the rogue class, the extra damage stacks.

Probably not as RAW-airtight as you’re looking for, but perhaps worth asking your DM if this is for an actual game.

pathfinder 2e – Is non-physical damage calculated separately from physical damage for a single attack?

You should do both, calculate and note each type of damage, but also apply the damage as a whole.

Most of the time, it won’t make a difference, because most creatures lack damage resistances or weaknesses. But of the creatures that do resist damage, they may have resistance to one type of damage, but not the other. Take the adult red dragon as an example. It has weakness to cold 15, and no special weakness or resistance to slashing. If you hit it with your axe for 8 slashing and 4 cold, it takes the 8 slashing, and increases the cold damage by its weakness value (a total of 19 cold damage).

At the same time, if you have to make a check based on the total amount of damage dealt, then you don’t make 2 checks, one for the slashing damage and one for the cold damage, you make one check based on the total of 27.

So the damage needs to be separated when applying it to weaknesses and resistances, then apply the final result as a single instance of damage.