Slyguy

Level 42
Verified
Here's an interesting worldwide printer hack;
Someone hacked printers worldwide, urging people to subscribe to PewDiePie

Of course, Gryphon would protect you from this. The problem is, almost all printers are insecure with a variety of open ports, and those open ports extend out the WAN in most cases (and it's often 22 - ssh and 80 - http). We will use my printer as an example, and I will give you a couple of different ways of dealing with this if you own a Gryphon (aside from Gry's automatic protection, that is).

If in Gryphon you designate it as a printer, this will enable the machine learning IPS on the device. It will also scan the device for open ports and vulnerabilities. At which point Gryphon is STILL going to protect the device. However, you can 'Quarantine' the device, which will lock it down, list it as at-risk and apply policies to protect it;


What I like to do is toss all of my devices I need absolute protection for - that is - NO WAN activity, and put them into a User Group on Gryphon where I have fully paused (24/7) the Internet for them so there is no chance they can communicate outside of the network. This is great for vacuums, cameras, lightbulbs, whatever but especially printers. To do this just categorize those devices as computers, then toss them into the paused internet group and you are good to go.

 

azt7

New Member
To remove some skepticism, I spoke to a few people at ESET (The company I work for has the highest level ESET business Partner) and they confirmed that Gryphon uses their business engine in certain layers.

Looking at all the feedback here, I actually find it weird to compare Gryphon to the Bitdefender Box 2 or Norton Core or F-Secure Sense. Gryphon seems to truly be in a league of its own. I have been looking for such a device for a long time and I'm now convinced it's the real deal!

As a side note, my phone's "back" camera is messed up. Is it possible to scan the QR code with the "front" camera?
 

Pickettroy1991

New Member
Hi, I am a newbie with this router but I want to try, coz my recently wireless router with this IP address: 192.68.1.1 not responding, that's why I need to buy a reliable wireless router with fast connecting to my device also affordable... I need somebody's assistance of where to buy... thanks!
 

esoteric24

Level 1
Hi, I am a newbie with this router but I want to try, coz my recently wireless router with this IP address: 192.68.1.1 not responding, that's why I need to buy a reliable wireless router with fast connecting to my device also affordable... I need somebody's assistance of where to buy... thanks!

amazon: search gryphon router
 

Slyguy

Level 42
Verified
Hi, I am a newbie with this router but I want to try, coz my recently wireless router with this IP address: 192.68.1.1 not responding, that's why I need to buy a reliable wireless router with fast connecting to my device also affordable... I need somebody's assistance of where to buy... thanks!
192.68.1.1 isn't a valid local IP address. It's 192.168.1.1. Assuming your router has that as the gateway. Also, you may want to consider not using 192.168.1.1 for cross scripting attack considerations. There is a reason Gryphon defaults to 192.168.9.1, and you can change it from there. Also realize, I do not know any IT Pro that uses 192.168.1.0/24 any longer. 172.16-172.32 isn't popular much these days, so usually people use 192.168.2.0/24 through 192.168.255.0/24 for a range.

In more complex situations, usually local subnet ranges are assigned on segregation principles, such as;

192.168.10.0/24 (LAN, Wired)
192.168.20.0/24 (Wireless Internal)
192.168.30.0/24 (Wireless Guest)

Etc... Long winded, but figured I would throw out why some better router firms don't use 1.1 anymore.

PS: Gryphon is on Amazon.
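
The address point in the post above, as an added example that is not part of the original thread: it checks whether a gateway address falls in RFC 1918 private space (192.68.1.1 does not) and validates the three-segment plan from the post for private ranges and overlaps. The function names and the `PLAN` dict layout are this example's own assumptions.

```python
import ipaddress

# RFC 1918 private IPv4 blocks (the ranges reserved for home/office LANs).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Segment plan taken from the post; the dict layout is this example's own.
PLAN = {
    "LAN, Wired": "192.168.10.0/24",
    "Wireless Internal": "192.168.20.0/24",
    "Wireless Guest": "192.168.30.0/24",
}

def rfc1918_block(addr):
    """Return the RFC 1918 block holding addr (as a string), or None if addr is public."""
    ip = ipaddress.ip_address(addr)
    return next((str(b) for b in RFC1918 if ip in b), None)

def check_plan(plan):
    """Return a list of problems: bad CIDRs, non-private ranges, overlapping segments."""
    problems, nets = [], {}
    for name, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not any(net.subnet_of(b) for b in RFC1918):
            problems.append(f"{name}: {net} is outside RFC 1918 space")
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def segment_of(addr, plan):
    """Name the planned segment an address belongs to, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in plan.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None

if __name__ == "__main__":
    for a in ("192.68.1.1", "192.168.1.1", "192.168.9.1"):
        print(a, "->", rfc1918_block(a) or "public address, not a LAN gateway")
    print(check_plan(PLAN) or "plan OK")
```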
 

techmary

New Member
Hi, I am a newbie with this router but I want to try, coz my recently wireless router with this IP address: 192.68.0.1 not responding, that's why I need to buy a reliable wireless router with fast connecting to my device also affordable... I need somebody's assistance of where to buy... thanks!
:emoji_ok_hand:
 

Slyguy

Level 42
Verified
New Firmware and App out. Some nice features!

Router Version: 2.0056.37
App Version: 16.09.

Note: This update improves wireless mesh performance. Updating the mesh repeaters may take some time. Please keep the repeaters powered up during the upgrade.

Ethernet Backhaul support for mesh network. In addition to wireless, you can now use wired connection to link up your mesh repeaters. This is helpful for homes with metal or concrete walls

Enhanced radio configuration for improved mesh coverage

New mode (Settings > Block new devices), where new devices are blocked on first connection and remain blocked until approved by the Admin. This will handle MAC address spoofing to avoid content filtering (for those clever kids)

Added support to apply Static IP and Port Forwarding for un-managed devices
Option to turn off WiFi radio at night (or at a specified time)
Option to enable or disable UPnP support from network settings page.
User selectable time zone in settings
Added NAT Loopback for advanced users
 

Slyguy

Level 42
Verified
Gryphon will be at CES this year, and allegedly they are unveiling something really exciting.

Homebound(tm) which is an app that you can install on your mobile devices and it redirects all the traffic back home through the Gryphon and out your WAN at home. This gives you encrypted VPN security on the go, along with the ESET protection and parental controls on all of your devices on the go.

This is quite a stellar advancement for home/device security and closely aligns Gryphon with features of major UTM appliances that allow you to install apps to route all traffic through your UTM on the go (OpenVPN Server with Untangle, FortiClient VPN with Fortigate, etc)

Also coming soon;
* dual admin accounts
* better scheduler
* better history

and more...
 

Kubla

Level 7
Verified
I really like the sound of the Homebound app, the question is what kind of slow down is it going to cause, hopefully negligible.

I guess we will wait and see.
 
  • Like
Reactions: oldschool

Slyguy

Level 42
Verified
I really like the sound of the Homebound app, the question is what kind of slow down is it going to cause, hopefully negligible.

I guess we will wait and see.
No idea. But based on my past experiences with commercial solutions that do this the latency and speed drop is negligible and is largely based on the quality of internet at your home. This is basically a VPN server run at your home which your clients connect back to similar to a traditional VPN on a mobile device. In fact, when I run a VPN server at home I have less latency and better speed than most out of the box VPN offerings.
 
  • Like
Reactions: Handsome Recluse

Slyguy

Level 42
Verified
anything new for Gryphon or other security home utms this CES 2019?
Yes, Gryphon is demonstrating 'Homebound' at CES. Which is basically a VPN application you put on all of your mobile devices. Then anywhere your devices go they are always sitting protected behind your Gryphon back home, protected and with your parental controls active.

While we await the official press release of HomeBound, here's a Toms Hardware review of Gryphon that is pretty glowing but also highly detailed and well done.

Gryphon Secure Mesh Router Review: Performance Meets Protection
 

Slyguy

Level 42
Verified
New Patch for Gryphon Owners - effective today.

02.0056.53

New Features -
1) Dual Admin Support for App.
2) WiFi Power Control.
3) WiFi Radio On/Off Control.
4) Ethernet backhaul for mesh.
5) Block new devices on first connect.
6) Improved un-managed device list experience.
7) UPnP Support (Defaults OFF)
8) User Selectable Time Zones
9) Bug Fixes, Performance Tweaks

I haven't upgraded yet, that will happen as soon as we're done gaming for awhile. But this version sounds great.
 

notabot

Level 11
- How does it store authentication credentials? (some routers store passwords plaintext, which is quite weak)

- Does it have a web dashboard at ESET or Gryphon which can be used for audit? (e.g. giving email + pwd to email that some routers use for event audit is quite a weak practice)

- Does it support file sharing on the internal network?

- Does it have addons to e.g. run a Plex server?
 
  • Like
Reactions: oldschool

Slyguy

Level 42
Verified
- How does it store authentication credentials ? ( some routers store passwords plaintext, which is quite weak )

- Does it have a web dashboard at eset or gryphon which can be used for audit ( eg giving email + pwd to email that some routers use for event audit is quite a weak practice )

- does it support file sharing on the internal network ?

- does it have addons to eg run a plex server ?
1) Authentication is several factor;
-App only.
-Physical proximity to the router.
-Device Key physically on router.
-Passcode for your account.

Therefore, only YOU are authorized to access it because anyone else would require physical access to get the device ID from the sticker on the bottom of the Gryphon. In addition they'd need to know your secure passphrase on your account, and they would need to have Bluetooth range to your router to activate the account. As you can see it's an extremely tiny threat surface.

2) No web dashboard. 80/443 is turned off on WAN and LAN. Also no telnet, SSH, or remote access of any kind. For debugging under serious bug issues Gryphon would have to send out a specially constructed debug unit, then you'd have to give them access to the unit locally on your LAN. Event audit is within the app under notifications.

3) No addons. Any addons would potentially increase threat surface and/or allow an API compromise. There will never be SSH enabled for tweaking or prosumer use from what I was told.

Right now, Gryphon is likely one of the most hardened routers in the world, and security is taken very seriously by them from my interactions with them and my incessant attempts to break or compromise the Gryphon I have.
 

notabot

Level 11
1) Authentication is several factor;
-App only.
-Physical proximity to the router.
-Device Key physically on router.
-Passcode for your account.

Therefore, only YOU are authorized to access it because anyone else would require physical access to get the device ID from the sticker on the bottom of the Gryphon. In addition they'd need to know your secure passphrase on your account, and they would need to have Bluetooth range to your router to activate the account. As you can see it's an extremely tiny threat surface.

2) No web dashboard. 80/443 is turned off on WAN and LAN. Also no telnet, SSH, or remote access of any kind. For debugging under serious bug issues Gryphon would have to send out a specially constructed debug unit, then you'd have to give them access to the unit locally on your LAN. Event audit is within the app under notifications.

3) No addons. Any addons would potentially increase threat surface and/or allow an API compromise. There will never be SSH enabled for tweaking or prosumer use from what I was told.

Right now, Gryphon is likely one of the most hardened routers in the world, and security is taken very seriously by them from my interactions with them and my incessant attempts to break or compromise the Gryphon I have.
How are passwords stored internally though? The reason I ask is that, surprisingly, in 2019 some routers store the passwords themselves as unencrypted text, not their hash. This is a blast from the 1980s, so I was wondering how Gryphon stores authentication credentials internally.

Regarding its Bluetooth, does it have a manual switch to turn it off to avoid the radiation and turn it back on at will just to administer the machine?
 

oldschool

Level 35
Verified
And, again, you'll be protecting your IOT devices and devices that are not protected w/ any AV. For me, this would be important, as my house is pretty IOT heavy.
@Slyguy - this is my situation, minus the "heavy" in IOT, but we still have the usual stuff. That's why I'd like to confirm the IOT protection without the subscription.
 
  • Like
Reactions: Handsome Recluse