Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - klaxzygen

Pages1

Zenarmor (Sensei) / Re: Zenarmor blocking Telegram as Malware/Virus

October 05, 2025, 09:43:04 PM

response from zenarmor:
2 of them are existing in a list of virustotal as well. We will check the "149.154.167.50" again if it still has a malicious traffic then can change its category.

Code Select

https://www.virustotal.com/gui/ip-address/149.154.167.41
https://www.virustotal.com/gui/ip-address/149.154.167.51

Zenarmor (Sensei) / Re: Zenarmor blocking Telegram as Malware/Virus

October 05, 2025, 09:08:55 PM

Indeed, I've got the same, these 3 ips

Code Select

149.154.167.41
149.154.167.51
149.154.167.50

on ports 443 and 5222
so far all above IPs are blacklisted only on PlonkatronixBL

Intrusion Detection and Prevention / Re: Error with IPS activation

August 28, 2024, 07:24:59 PM

Deactivating HW offload and rebooting breaks the connectivity to internet and UI. I needed to login physically to firewall and stop the suricata service in order to access the UI again.

Intrusion Detection and Prevention / Error with IPS activation

August 27, 2024, 12:54:46 AM

Hello community,

I run opnsense [24.7.2] on Protectli Vault Pro VP2420 + zenarmor and have a very strange issue when I activate suricata IPS. Once activated it runs for a few seconds and then service crashes with the error below. IDS works fine, this happens only when I activate IPS mode.

Code Select

Error suricata [104135] <Error> -- opening devname netmap:igc1-0/R@conf:host-rings=4 failed: Device busy

What I did so far to troubleshoot was to disable all hardware offloading incl. CRC, TSO & LRO but that only broke the connectivity and access to UI and internet was gone.

The interfaces I want to active IPS on are VLAN interfaces and physical WAN interface.

Any help with getting this work is appreciated!

Thanks,
N

Pages1