dnd 5e – Does a froghemoth’s grapple attack prevent characters attacking it?

The Froghemoth has a 20′ Reach Melee Attack, which if successful, then (Volos, 145):

the target is grappled (escape DC 16) if it is a Huge or smaller creature.

Grappled reduces a creature’s speed to zero, so they would not be able to move closer to the Froghemoth.

This would remove any potential melee attack unless the creature has a 20′ reach.

They can still use any sort of ranged attack without any problem.

20′ reach does not mean you can attack the Tentacle grappling you

Without any sort of given mechanic that allows you to attack the tentacle (like the Roper), adding that to the monster stat block would be a Home Rule. The RAW is that tentacle is not a viable target for the Froghemoth. Losing the reach advantage would potentially be a very big change and should change the CR rating of the Froghemoth. Comparing the two, a Roper is CR5, while the Froghemoth is CR10. It’s a more powerful creature, let it be more powerful.

What’s the difference between Local and Physical attack vector in CVSS 3.1?

I’m reviewing CVSS 3.1 specification, recently.

I encounter the example below:

Sophos Login Screen Bypass Vulnerability (CVE-2014-2005)

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC)
5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate
attackers to obtain desktop access by leveraging the absence of a
login screen.

For this vulnerability, the attack vector parameter is set to Physical, but based on CVSS 3.1 description and specification, it should be Local.


The vulnerable component is not bound to the network stack and the
attacker’s path is via read/write/execute capabilities. Either: the
attacker exploits the vulnerability by accessing the target system
locally (e.g., keyboard, console), or remotely (e.g., SSH); or the
attacker relies on User Interaction by another person to perform
actions required to exploit the vulnerability (e.g., using social
engineering techniques to trick a legitimate user into opening a
malicious document).


The attack requires the attacker to physically touch or manipulate the
vulnerable component. Physical interaction may be brief (e.g., evil
maid attack(^1)) or persistent. An example of such an attack is a cold
boot attack in which an attacker gains access to disk encryption keys
after physically accessing the target system. Other examples include
peripheral attacks via FireWire/USB Direct Memory Access (DMA).

Do have I any misunderstanding here??

am I wrong??

ARP attack in guest wifi

ARP attack in guest wifi – Information Security Stack Exchange

attack prevention – Do modern routers drop malformed IP packets

A packet with a forged source address isn’t malformed; it’s well formed syntactically. So no router would drop it as “malformed”.

If the forged source address violates ingress or egress filtering rules – for example, if you send a packet with a 192.168.x.y source address to the outside interface of a NAT device which uses 192.168.x on the inside – then the router will drop it.

If the forged source address is just some random device on the Internet, then the router will process it normally. If “process it normally” means sending some data larger than the request packet back out to the forged source, then that’s what’s called an amplification attack.

pathfinder 1e – What order are individual attacks taken in during a full attack action, and does it differ between editions?

What rules apply to the order in which individual attacks are taken during a full attack action in D&D 3.0, 3.5, and Pathfinder?

I am specifically interested in RAW requirements on the order in which your iterative attacks and off-hand attacks must be parsed. Information on any common additional attacks (such as from cleave or haste) would also be appropriate.

For example consider these three sources of attacks in 3.5 (per d20srd.com):

Base Attack Bonus

A second attack is gained when a base attack bonus reaches +6, a third with a base attack bonus of +11 or higher, and a fourth with a base attack bonus of +16 or higher.

Two–Weapon Fighting

If you wield a second weapon in your off hand, you can get one extra attack per round with that weapon.

Improved Two–Weapon Fighting

If you wield a second weapon in your off hand, you can get one extra attack per round with that weapon.


When making a full attack action, a hasted creature may make one extra attack with any weapon he is holding.

So for 3.5, consider a character with two daggers, a BAB of 6, that feat, and under the effects of haste: they have five attacks from three “sources” (BAB, TWF, haste). In what order may the player take those attacks? Are they free to select any order, or strictly high to low total attack bonus (if so, how are ties resolved?), or BAB in order (same question on ties), or resolve each attack “source” in order but order the sources as desired, or some other thing?

Then, how does this change between D&D 3.0, D&D 3.5, and Pathfinder?

dnd 5e – Do the effects of the “beard” attack from a bearded devil interfere with recovering from the infernal wound from its “glaive” attack?

When a feature prevents its target from the regain of hit points, it does not prevent receiving healing.

No rule explicitly talks about a healing minimum, so we should assume that healing that features reduce to 0 still counts as receiving healing, similar to how receiving damage that features reduce to 0 counts as taking damage.

See Healing:

When a creature receives healing of any kind, hit points regained are
added to its current hit points.

Here we can explicitly see the logical distinction of receiving healing as a cause of regaining hit points. The order is explicitly not such that you need to regain hit points to receive healing.

Bearded Devil:

the target can’t regain hit points

Here we see that the beard attack doesn’t prevent healing. It only prevents the regain of hit points.

The glaive attack also has a specific inbuilt mechanic that doesn’t restore hit points and staunches the wound:

Any creature can take an action to stanch the wound with a successful
DC 12 Wisdom (Medicine) check.

Take Greater Restoration for example, a healing spell that does not restore any hit points but also explicitly removes such a condition.

  • One effect that charmed or petrified the target
  • One curse, including the target’s attunement to a cursed magic item
  • Any reduction to one of the target’s ability scores
  • One effect reducing the target’s hit point maximum

DDOS Attack to http server and iptables doesn’t help (i have access_log)

DDOS Attack to http server and iptables doesn’t help (i have access_log) – Server Fault

Is a BitLocker recovery key an unavoidable brute-force attack vulnerability?

Can a Bitlocker-locked drive be brute-forced within hours by guessing the recovery key by an actor with a supercomputer? With a couple of GPUs? (assuming Microsoft put as much effort as possible into that pseudo-random recovery key and didn’t insert any backdoors by reducing the already-miserable amount of randomness there)

I think you’re vastly underestimating just how big 2^163 is. If we do some crude maths and take an Intel i9-9900K (16 threads, 3.6GHz), and assume that it can try one AES key per cycle (because it has AES-NI), that gives us 57,600,000,000 keys per second, or 1,816,473,600,000,000,000 (1.8 × 10^18) per year. Which means that brute-forcing a 163 bit key would take 55,051,722,194,035,743,997,062,743,766,462,087,395,540 (5.5 × 10^40) years on a single high-end CPU.

Sure, you can throw more CPUs at the problem (GPUs probably won’t help that much, because they won’t have AES in hardware like CPUs do) – but you still not going to get anywhere near feasible.

So yes, a 48 digit key is less that 256 bits, but it’s still in the realm of being completely uncrackable. As a general rule, 128 bits is considered completely impossible to brute-force, and that’s unlikely to change.

But then something else struck me. When generating the key I didn’t move neither my mouse, nor pressed keys, nor was my computer connected to the internet. What else could Windows use for randomness? Thermistors on the chipset?

Exactly how Windows generates random numbers is complicated, but Microsoft published a whitepaper on it that would be worth reading if you want to know the details.

The short version is that you’re not going to guess them, and I don’t believe that there have been any serious flaws highlighted in their approach.

Is there an option to disable Bitlocker recovery keys?

This is a bad idea – there are all kinds of circumstances when you might need them (BIOS updates, some firmware updates, TPM issues, motherboard failure). If you do this, then I hope that you have good backups of your data (and that you’ve encrypted them with something just as strong).

pathfinder 1e – Does using scent to “note the direction” provoke an attack of opportunity?

Does a creature with the scent ability who uses their move action to note the direction of a scent provoke an Attack of Opportunity?

The Scent special ability allows that:

When a creature detects a scent, the exact location of the source is not revealed—only its presence somewhere within range. The creature can take a move action to note the direction of the scent. When the creature is within 5 feet of the source, it pinpoints the source’s location.

Scent’s description doesn’t say one way or the other, and I can’t find a general rule like “move actions generally do (not) provoke unless they say otherwise”. The description of AoOs says:

Some actions, when performed in a threatened square, provoke attacks of opportunity as you divert your attention from the battle. Table: Actions in Combat notes many of the actions that provoke attacks of opportunity.

The table is silent on scent. My next thought was to check Perception’s active use, but it’s mum on AoOs, too (simply “Intentionally searching for stimulus is a move action.”).

dnd 5e – Is the Artificer Armorer’s Extra Attack feature limited to the Arcane Armor’s simple weapons or any weapon the Armorer is proficient in?

The mechanics of the feature are described within the feature, you can attack using whatever you like

The Armorer Artificer’s 5th level Extra Attack feature states, in full:

You can attack twice, rather than once, whenever you take the Attack action on your turn.

If there were any restrictions in terms of what weapons you could use they would be included. An example of a feature that does include such restrictions is the Thirsting Blade Eldritch Invocation which states (emphasis mine):

You can attack with your pact weapon twice, instead of once, whenever you take the Attack action on your turn.

The mechanics of the Armorer’s Extra Attack feature are contained within the feature itself, there aren’t any hidden rules or restrictions. Well… except one from multiclassing:

If you gain the Extra Attack class feature from more than one class, the features don’t add together. You can’t make more than two attacks with this feature unless it says you do (as the fighter’s version of Extra Attack does). Similarly, the warlock’s eldritch invocation Thirsting Blade doesn’t give you additional attacks if you also have Extra Attack.

DreamProxies - Cheapest USA Elite Private Proxies 100 Cheap USA Private Proxies Buy 200 Cheap USA Private Proxies 400 Best Private Proxies Cheap 1000 USA Private Proxies 2000 USA Private Proxies 5000 Cheap USA Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive.com Proxies-free.com New Proxy Lists Every Day Proxies123.com Best Quality USA Private Proxies