Tunnel defense effective against Specters? [closed]

This is a fun one…DND 5E session.

Assume a 5′ corridor that is 25′ long leading to a dead end (5 squares), and 5 party members (all medium size) fill each of those squares. A well-armored tank is at the front, trying to defend the party. This is the scenario a party has encountered a bunch of times fighting various creatures. But never against incorporeal creatures.

The party is trying to hold off 7 specters being controlled by a Wraith.

Since the Specters are incorporeal and can pass through one another, as well as the players, as difficult terrain, are they limited to attacking the front-line only? I would rule yes, in theory, because you can’t attack from an occupied space:

What happens when allies occupy the same space?

That rule is a fundamental aspect of the tunnel defense / choke-point strategy, and in theory even works for these non-corporeal creatures, preventing them from being able to infiltrate the middle of the party, as there is no unoccupied space for them to attack from. The PCs literally fill every available 5′ square. Pretty simple and clear cut I think.

But then, there’s the fact that the Specters can pass through walls… and that’s where the fun begins. They have 50′ of movement, so even through walls they can move 25′, attack blindly through the wall, and then return 25′ back. Muahhahaha. They could easily reach PC #2 and PC #3, although the two in the far back would be safe (unless the Specter was willing to end its round in the wall and take the 1d10 Force damage).

Seem legit? I ruled that they would NOT take the 1d10 Force Damage for stopping to attack from inside the wall, because they did not "end their turn" on that space. That’s straight from the rules on Incorporeal Movement in their stat block. Do others agree? A few players weren’t happy lol.

However, things quickly got so crazy complicated from here that I quickly wished I had ruled they simply couldn’t do it. 😉

If allowed to attack, would they attack at Disadvantage since the specter can’t "see" through the wall? I ruled yes. However, since the PC can’t see the attacker (it’s in a wall!), the attack should be at Advantage, thus cancelling each other out!

But what if the PC saw the hand coming? You could offer a Perception vs. Stealth to see if the PC sees the "hand reaching out", and if they did, then Disadvantage would be re-asserted, right? And if so, what if that PC is also Dodging and sees the hand come out? Should the attack then be at super-disadvantage (which we don’t have as a house rule and I avoid like the plague, although this one tempted me big-time)?

The way I ruled it is those who were Dodging gained Advantage on their Perception check to see the hand coming. If successful, then the attack happened at Disadvantage. Therefore, there was a benefit to foregoing an attack to Dodge. However, even those who used their Action to attack still had a chance to see the hand coming if they made their Perception check, and if they did, the Specter attacked at Disadvantage. If they didn’t see it coming, the Specter attacked normally as its Advantage (attacking a creature who can’t see you) and Disadvantage (blindly attacking a creature you can’t see) cancelled each other out.

I’m really curious to see how others would have handled this. The party was quite shocked when their tried and true tunnel defense imploded upon them.

Also, this didn’t come up, but what if a PC in the back cast Daylight? I would have ruled that the Specters in the walls would not have suffered Disadvantage on attack from it, because they couldn’t see the light (it wouldn’t penetrate the walls). Only the specters attacking from up front would have been at disadvantage. This would have in turn driven them all to enter and start attacking through the walls (INT 10 after all)! Major backfire potential there!

Tunnel Connection Failed error when accessing WP site from external network

I have a LAMP server set up at home with WordPress. Static IP on the server and port 80 forwarded on the router to that server. Apache listening on port 80 and virtual host configured accordingly.

It was working fine but now when I browse to my domain gws.voyez.ca (that points to my public IP) the browser just shows “Tunnel Connection Failed”. Oddly enough, I can still access pages in that folder (e.g. gws.voyez.ca/test.html or gws.voyez.ca/phpinfo.php serve fine). This only happens externally; on the internal LAN no issues. Have tried from multiple devices and different browsers.

It was working fine for a few weeks and just seems to have broken (no changes that I can think of).

Potentially ISP blocking something?

Thanks for reading.

Ian

Creating/Configuring an IPsec tunnel

Hopefully this isn’t too much trouble to get help on but here we go.

I am trying to create an IPsec tunnel that connects two devices (VMs – Linux CentOS). Now I mistakenly thought IPsec tunnel meant VPN… so I used OpenVPN (application and protocol) and managed to get it to work fine.

Only issue is that I was told that is completely wrong as they are two different things. VPNs are one thing and IPsec tunnels are another.

My first question would be… what is the difference? I’m guessing the encryption is different but not sure what else.

The second (and more important, at least for me)… is there a step by step guide as to how to make one? — tunnel vs transport, I would take tunnel, but at this point any step by step guide would help. Also, since this has to be done on VMs (one host is a static IP and the others can change), having a Cisco router guide or something of the sort would not help me.

My biggest confusion was that when I typed “create IPsec tunnels” on, say, YouTube/Google I get guides for VPNs and it’s wrong.

By step by step guide I mean :

sudo yum install Xyz or sudo apt-get install Xyz –insert more linux commands here etc…–

Thank you all for your help!

Is it possible to detect an ssh tunnel used to bypass full vpn tunneling?

Assuming that regular workflow involves:

  1. Client connects to our VPN (full tunnel)
  2. Client uses ssh to connect to a machine
  3. Via this ssh connection, client interacts with system.

If the user were to bypass the full VPN tunnelling by using an intermediate machine and then using that intermediate machine as an ssh jump host, are there any characteristics that could be identified within the local network?

As a sysadmin, can I detect this?

To expand further, how does this extend to ssh tunneling? I.e. let’s say there is a service that is exposed out of the VPN using ssh tunneling?

Tunnel and Transport Mode in IPSec, is it possible to combine them?

I’ve been wondering between two cases,

1 – tunnel from A to C and a tunnel from B to D, would it be possible to send a packet from A to D?

2 – Transport from A to D, and let’s say tunnel from B to D

Would it be possible to send a packet in any of these cases?

I assume for case 1 it wouldn’t be possible because of the SA, and decryption would get messy. But for the second case, I mean, that does sound logical to me…

Could you share your thoughts?

USB tcp tunnel app

I need to find a TCP tunneler that runs from a USB drive. I need to be able to make a tunnel from my school’s library PC (yes, I am allowed to do this) to my home PC so that I can run SFTP through said tunnel.

According to my ISP, they block the SSH and RDP services at their edge routers due to so much abuse in my state. BUT I am allowed to use tunnels to access my files according to their EUA and policies.

I wanted to try OpenVPN or Hamachi but neither runs off of a USB drive; they require some sort of admin rights.

So I need a TCP tunneler that doesn’t use SSH as its connection method and will run off a USB drive, so that I can SSH to my house to get homework files without the edge router blocking it. I do know all port forwards work because I have other servers that work just fine, BUT SSH and RDP are blocked by the ISP. I have confirmed this by calling them.

Any such thing? Switching ISPs is not an option; I am not in control of that at my apartment… someone else is :) SO I have to work with what I’ve got, haha.

My system: Win 10, 16 GB RAM, 5 TB HDD, Bitvise SSH Server

Thanks

DNS Tunnel or Not (g01.msn.com)

Thought I found DNS tunneling, but after a closer look it seems a bit more complex. Anyone seen this traffic before?

User starts their computer, launches firefox.exe, then they hit c.msn.com within the next second:

DNS Request Sample (171 total)

  • c-3sux78kvnkay76x24vx2egjyesvzuzoix2eius.g01.msn.com
  • c-3sux78kvnkay76x24masx2eix78ozkux2eius.g01.msn.com
  • c-3sux78kvnkay76x24cccx2erotqkjotx2eius.g01.msn.com
  • c-3sux78kvnkay76x24vdx2egjyx2erotqkjotx2eius.g01.msn.com
  • c-3sux78kvnkay76x24ijtpyx2eiruajlrgx78kx2eius.g01.msn.com
  • c-3sux78kvnkay76x24cccx2emuumrkzgmykx78boikyx2eius.g01.msn.com
  • c-3sux78kvnkay76x24iutzkdzagrx2eskjogx2etkz.g01.msn.com
  • c-3sux78kvnkay76x24cojmkzyx2ezx78kkx2eius.g01.msn.com
  • c-3sux78kvnkay76x24sytx2eruiqkx78juskx2eius.g01.msn.com
  • c-msn-com-nsatc.trafficmanager.net

Connections to many major CDNs (51): Amazon, Fastly, Highwinds, AOL, Verizon, etc.

Reading up on trafficmanager.net, it seems to point to an Azure traffic manager owned by MS. https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1809-non-enterprise-editions

The URLs do not fit the bill for DNS tunneling, as none of the URLs are unique to the internet (last updated 5 years ago): https://www.virustotal.com/gui/domain/c-3sux78kvnkay76x24sytx2eruiqkx78juskx2eius.g01.msn.com/details

CDN connections could be explained by Windows or Firefox updates, but I am still perplexed by 171 DNS requests. The only thing written to file was into firefox’s prefs-1.js.
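As an added illustration that is not part of the question or any answer to it: a few per-zone metrics a defender would compute before calling a burst of long subdomains a tunnel, run over the sample names quoted above next to a constructed set shaped like tunnel traffic. The constructed names, the `t.tunnel.example` zone and the thresholds are my assumptions, not anything observed.

```python
import math
import os
from collections import Counter, defaultdict

# Names quoted in the post above (observed by the poster, not constructed here).
OBSERVED = [
    "c-3sux78kvnkay76x24vx2egjyesvzuzoix2eius.g01.msn.com",
    "c-3sux78kvnkay76x24masx2eix78ozkux2eius.g01.msn.com",
    "c-3sux78kvnkay76x24cccx2erotqkjotx2eius.g01.msn.com",
    "c-3sux78kvnkay76x24vdx2egjyx2erotqkjotx2eius.g01.msn.com",
    "c-3sux78kvnkay76x24ijtpyx2eiruajlrgx78kx2eius.g01.msn.com",
    "c-3sux78kvnkay76x24cccx2emuumrkzgmykx78boikyx2eius.g01.msn.com",
    "c-3sux78kvnkay76x24iutzkdzagrx2eskjogx2etkz.g01.msn.com",
    "c-3sux78kvnkay76x24cojmkzyx2ezx78kkx2eius.g01.msn.com",
    "c-3sux78kvnkay76x24sytx2eruiqkx78juskx2eius.g01.msn.com",
    "c-msn-com-nsatc.trafficmanager.net",
]
# Constructed, not real traffic: the shape of a DNS-tunnel client's queries,
# with a fresh payload label on every query so the labels share no prefix.
CONSTRUCTED_TUNNEL = [
    "ab4kq2zx7mnp3wvdt9h8rcg5yl6ue2fa.t.tunnel.example",
    "zq9md3vk7xtp2rnw5bgc8hjl4sy6ue1b.t.tunnel.example",
    "m3vbx8kq2nz5wtp7drg4cyh9ls6ue0jc.t.tunnel.example",
]

def shannon_entropy(s):
    """Bits per character; random payload labels score near log2(alphabet size)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def first_labels_by_parent(names):
    """Group the leftmost label of each FQDN under its parent zone."""
    groups = defaultdict(list)
    for name in names:
        label, _, parent = name.partition(".")
        groups[parent].append(label)
    return groups

def profile(labels):
    """Per-zone statistics a tunnel detector would key on."""
    mean_len = sum(map(len, labels)) / len(labels)
    prefix = len(os.path.commonprefix(labels))  # chars shared by every label
    return {"count": len(labels), "unique": len(set(labels)), "mean_len": mean_len,
            "mean_entropy": sum(map(shannon_entropy, labels)) / len(labels),
            "prefix_len": prefix, "prefix_ratio": prefix / mean_len}

def looks_like_tunnel(labels):
    """Heuristic: long, all-distinct labels that share almost nothing. A long fixed
    prefix (19 chars in the msn.com sample) reads as a static encoded field instead."""
    p = profile(labels)
    return p["mean_len"] >= 30 and p["prefix_ratio"] < 0.25 and p["unique"] == p["count"]
```

Label length and entropy alone would flag both sets; the shared-prefix ratio is what separates a fixed encoded field from a payload that changes on every query.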

Does accessing a port on a remote server via ssh tunnel improve security?

The idea is the following:

I have a port open (P) on a remote machine (R) with a service application running which is listening on (P). I would like to connect from a client machine to the service application on the remote machine.

Possibility 1:

I leave the port open so I can connect directly from my client via the ip and the port to the service application on the remote machine.

Possibility 2:

I restrict the service application via firewall to localhost and forward (P) with an ssh tunnel to my client machine.

My own conclusion:

If I open the port of the service application across the internet, then I have to trust that it cannot be exploited for remote code execution on (R).

If I use an ssh tunnel, then I only have to trust that the listening ssh port cannot be exploited. The number of open ports is reduced and hence the attack surface (from my point of view). I would still be vulnerable if my client machine was compromised, but I’m accepting that risk anyway when using ssh.

Question:

So my question is, is my conclusion correct? Is it more secure to use an ssh tunnel and forward a port instead of exposing that port directly?

Do the Unearthed Arcana Tunnel Fighter Fighting Style and the Arcane Archer Fighter’s Grasping Arrow features trigger when standing from prone?

The Light, Dark, Underdark! Unearthed Arcana includes the Tunnel Fighter Fighting Style which states:

[…] As a bonus action, you can enter a defensive stance that lasts until the start of your next turn. While in your defensive stance, you can make opportunity attacks without using your reaction, and you can use your reaction to make a melee attack against a creature that moves more than 5 feet while within your reach.

And the Arcane Archer Fighter’s Grasping Arrow Arcane Shot feature states:

[…] The creature hit by the arrow takes an extra 2d6 poison damage, its speed is reduced by 10 feet, and it takes 2d6 slashing damage the first time on each turn it moves 1 foot or more without teleporting […]

What happens if the creature in question is currently prone, and stands from prone? Does this activate the Tunnel Fighter’s opportunity attack? Does this activate the 2d6 poison damage from Grasping Arrow?

Note: I am aware that the following Q&A already exists:

  • Does standing up from prone trigger the damage from Booming Blade?

But I was told in my answer to another question that I cannot generalize answers there to conclude that standing from prone does not count as moving. So I am asking these separately instead.

I wanted to ask the question “Does standing from prone count as moving?” but was told that “There is no reason for the question “Does X count as Y?” to have a consistent, universally applicable answer.” and so have asked this instead.