I was recently reading this question, where the accepted answer claims that it is easy for attackers to bypass rate limiting that is based on IP, which makes any sort of IP rate limiting to prevent a brute force attack much less useful. But, if it is based on the account that is a victim, then it becomes very easy for an attacker to block access to a victim’s account. What is the best way to defend against both DOS attacks and online brute force attacks (and anything else that is in this same category)?
Simply sleeping for, for example, 1 second isn’t sufficient because the attacker can simply put in more requests before the first one finishes (1 second latency, but unbounded throughput, and throughput is what matters for brute force). If subsequent requests are blocked until the first one finishes, then they must be blocked per-IP or per-user, which produces the same problem.
2FA isn’t always a good solution either, because, for worse, many people fail to use it.
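The latency-versus-throughput point above, measured; this is an added example, not part of the original question. `DELAY` is a scaled-down stand-in for the 1-second sleep, and the handler, account name and guesses are hypothetical.

```python
import asyncio
import time

DELAY = 0.02  # scaled-down stand-in for the 1-second sleep (assumption)

async def attempt(account, guess, locks=None):
    """Hypothetical login handler; every constructed guess is wrong."""
    if locks is None:
        # Fixed delay only: each request waits, but nothing makes them queue.
        await asyncio.sleep(DELAY)
        return False
    # Per-account serialization: one attempt in flight per account.
    lock = locks.setdefault(account, asyncio.Lock())
    async with lock:
        await asyncio.sleep(DELAY)
        return False

async def _burst(guesses, serialize):
    locks = {} if serialize else None
    start = time.perf_counter()
    await asyncio.gather(
        *(attempt("victim", f"guess{i}", locks) for i in range(guesses))
    )
    return time.perf_counter() - start

def burst_seconds(guesses=50, serialize=False):
    """Wall-clock time for `guesses` concurrent attempts on one account."""
    return asyncio.run(_burst(guesses, serialize))

if __name__ == "__main__":
    n = 50
    fast = burst_seconds(n, serialize=False)
    slow = burst_seconds(n, serialize=True)
    # Sleep only: the whole burst finishes in about one DELAY.
    print(f"sleep only:  {n} guesses in {fast:.2f}s")
    # Serialized: about n * DELAY, and a genuine login for the same
    # account would wait in the same queue behind the burst.
    print(f"per-account: {n} guesses in {slow:.2f}s")
```
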
Yesterday I did an nmap scan on my network and found two ports open on my Samsung LED 32-inch TV, which uses a LAN wire to operate. I tried to find out the ways I can exploit those ports, 7676 and 8080. So does anybody know how I can successfully exploit the TV and broadcast whatever I want to that TV without having physical access?
According to the Basic Rules:
Initiative determines the order of turns during combat. When combat starts, every participant makes a Dexterity check to determine their place in the initiative order. The DM makes one roll for an entire group of identical creatures, so each member of the group acts at the same time.
Does that mean that the creatures of the same type share a turn, or only have the same initiative? If they go on the same turn, it gives a significant advantage to enemies with pack tactics, and makes “wakeup chains” against sleep/hypnotic pattern stronger.
An “opposed check” is a well-known kind of check in many games, when two opponents roll dice, add modifier and compare results. It differs from a convenient dice roll when you compare your result against a constant number (DC, target number or whatever).
There is also a concept of “passive check” in 5e when you just take 10 instead of rolling d20. An opposed check against a “passive” value effectively turns into a “simple” one, being made against a constant number.
Now, let’s say there are two sides making opposed rolls using modifiers A and B. The first one rolls d20 and adds A, while the second one always uses the constant number 10 + B. In terms of statistics, should these checks have the same hit/miss rate?
- d20 + A as opposed to d20 + B
- d20 + A as opposed to 10 + B
I’d say rolling d20 is a little better than 10, since the average of d20 is 10.5, but my probability intuition isn’t very good.
In order to minimize the number of dice rolls, if I change all opposed PCs vs. NPCs checks to “roll vs. passive” checks (players always roll, NPCs always use their passive values), how does it affect my games?
I came across a problem that I have no clue how to solve.
Consider two Monte Carlo algorithms, called A and B that both solve the same problem. A is true-biased and t-correct, while B is false-biased and z-correct. Show that you can combine both A and B to obtain a Las Vegas algorithm to solve the same problem.
Also, how would I find the best value of R, which is the probability of the Las Vegas algorithm to find the right answer? For this second part, how would I find this fictional value of R with no concrete example or data set? This question seems completely out of left field.
Thank you kindly for your time 🙂
I am creating a view where I have daily data of different items and each item has a state. I created a column that shows what the column was yesterday using
LAG(state) OVER(PARTITION BY item_id ORDER BY currentdate) AS yesterday_state
Now I want to count how long the state has been the same value and I’m doing so with this:
COUNT(CASE WHEN state = yesterday_state THEN state ELSE NULL END) OVER(PARTITION BY item_id ORDER BY currentdate) AS state_age
This is working properly but I need to find a way to set the value back to 0 when state != yesterday_state
This is all happening inside of a SELECT statement as I’m creating a view. How could I go about doing this so that the state_age sets to 0 when state is not the same value as yesterday_state?
I’m creating a Troop of casters and wanted to know if they could both deal their “swarm damage” and cast a spell in the same turn.
It makes sense to me since an attack for a swarm reads as follows:
creatures with the swarm subtype don’t make standard melee attacks. Instead, they deal automatic damage to any creature whose space they occupy at the end of their move, with no attack roll needed.
This means they don’t spend their Standard Action to deal damage, it just happens because some of the creatures in the swarm are biting/hitting the target. That leaves other creatures available to do other things.
Am I missing some ruling against this?
Our fighter, Fred, is a high level fighter with multiple uses of the Indomitable feature:
Beginning at 9th level, you can reroll a saving throw that you fail. If you do so, you must use the new roll, and you can’t use this feature again until you finish a long rest.
You can use this feature twice between long rests starting at 13th level and three times between long rests starting at 17th level.
Let’s suppose Fred is targeted by the Hold Person spell. Fred rolls a 5 and fails the save. Fred uses one use of his Indomitable feature, to reroll the save, but still fails. Can Fred expend a second use of his Indomitable feature to reroll the save again?
Also, does this answer hold for the Champion and Warlord NPCs?
Indomitable (2/Day). The champion rerolls a failed saving throw.
Indomitable (3/Day). The warlord can reroll a saving throw it fails. It must use the new roll.
I have previously removed less secure ciphers from WHM (Web Host Manager) however it has been a while and I want to learn how to fish, not be handed a fish.
The trouble seems to stem from the fact that there is little-to-no consistency in how ciphers are referenced or even where they are defined.
WHM Cipher Definitions
Ciphers seem to be listed in two places: Exim Configuration Manager and Apache Configuration ⇨ Exim Configuration Manager.
- The Apache Configuration has a field “SSL/TLS Protocols” which is currently defined as
- The Exim Configuration Manager currently has a field “SSL/TLS Cipher Suite List” which is set to
Definition of Weak Ciphers
Here is the SSL Labs test for my domain. I have everything except TLS 1.2 and TLS 1.3 disabled and many less secure ciphers disabled. The test lists the following ciphers as being weak:
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
- TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
- TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
- TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
- TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
I attempted to “translate” though after updating the values in both sections and running cPanel’s AutoSSL I still got the same results on the test.
Translating Cipher References
I attempted to reference the TLS 1.2 standard as well as some documentation from OpenSSL. I made numerous other search queries and spent hours reading through documentation, standards and forums without luck.
Here is my attempt to make the lists look more similar to each other:
From the Exim Configuration Manager:
From the SSL Labs Test to be removed:
The list says to remove two ECDHE and the rest don’t have ECDHE. In that example how do I remove something not defined? Secondly it suggests removing CBC though that is not defined in the first list.
Desirable Answer Format
Learning is the detection of patterns so I’m really looking for an answer with a table where column A lists the ciphers from the SSL Labs test and column B references how they are referenced (to be defined (for stronger ciphers) and disabled for weaker ciphers). Just enough that I can detect the pattern of how the test references the same ciphers as Apache (or whichever software directly handles all of this). A good reference URL with such a table (and where on the page if it’s more than just a few paragraphs) would be very helpful.
It would also be incredibly useful to know how to have the server define a preferred cipher and to know which is considered the strongest if possible please.
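The naming pattern asked about above, as an added example that is not part of the original question: it translates the IANA names SSL Labs prints into the names OpenSSL uses, for AES suites of TLS 1.2 and earlier only. It assumes the WHM fields take an OpenSSL cipher string; the function names are hypothetical.

```python
import re

# The six suites the SSL Labs report quoted above marks WEAK (IANA names).
WEAK_IANA = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

# Key exchange + authentication prefix. OpenSSL writes nothing at all for
# plain RSA key exchange, which is why those names seem to lack a prefix.
KX_PREFIX = {
    "RSA": "",
    "DHE_RSA": "DHE-RSA-",
    "ECDHE_RSA": "ECDHE-RSA-",
    "ECDHE_ECDSA": "ECDHE-ECDSA-",
}

_NAME = re.compile(
    r"^TLS_(.+)_WITH_AES_(128|256)_(CBC|GCM)_(SHA|SHA256|SHA384)$"
)

def iana_to_openssl(name):
    """Translate an IANA AES suite name (TLS 1.2 and earlier) to OpenSSL's."""
    m = _NAME.match(name)
    if not m or m.group(1) not in KX_PREFIX:
        raise ValueError(f"not covered here: {name}")
    kx, bits, mode, mac = m.groups()
    # OpenSSL also leaves CBC implicit; only GCM is spelled out.
    mode_part = "" if mode == "CBC" else mode + "-"
    return f"{KX_PREFIX[kx]}AES{bits}-{mode_part}{mac}"

def exclusion_suffix(iana_names):
    """Build '!NAME:!NAME' terms; '!' removes a suite from a cipher string."""
    return ":".join("!" + iana_to_openssl(n) for n in iana_names)

if __name__ == "__main__":
    for n in WEAK_IANA:
        print(f"{n:40} {iana_to_openssl(n)}")
    print(exclusion_suffix(WEAK_IANA))
```

`openssl ciphers -V` prints the hex code beside each OpenSSL name, which can be matched against the (0x…) values in the SSL Labs output.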
The Order of the Mutant archetype of the Blood Hunter class has the ability to use mutagens to increase ability scores.
The rule for using mutagens reads in part:
As a bonus action you can consume a single mutagen, and the effects and side effects last until you finish a short or long rest, unless otherwise specified. While one or more mutagens are affecting you, you can use an action to focus and flush the toxins from your system, ending the effects and side effects of all mutagens.
So a Blood Hunter can clearly have more than one mutagen in effect at the same time, but could the Blood Hunter have the same mutagen in effect simultaneously?
Specifically, could a Blood Hunter use two instances of the Potency mutagen to increase her strength score to 26? I’m not sure if the rules for combining spells applies since the ability isn’t a spell (or even described as being magic).