Slyguy

Level 40
There is a rather significant firmware update coming very shortly for Gryphon.

They'll be the first router to block Puffin Browser, which is well known to bypass all UTM/NGFW/Parental Controls. They expanded the VPN blocking for people that want to specifically block VPNs from devices to include all known VPNs.

More importantly, Gryphon will block Ads/Trackers at the router level as a selectable option!

I run my Gryphon in a low-power mode to constrain my WiFi broadcast within a tight perimeter around my home. Handy feature there. Also, the ability to completely disable WiFi at specific times is a security feature most people won't appreciate. Also, the 'block new devices' option is more powerful than people realize, and MAC spoofing won't even bypass it. (tested)

The previous firmware updates:

What’s new on 56.53?

  • Option to turn off WiFi radio
  • Low power transmission mode
  • Dual Admin support in the mobile application

What’s new for previous release 56.37?

  • Ethernet backhaul for Gryphon mesh network
  • Block new devices on first connection
  • Improved unmanaged device list experience
  • UPnP enable/disable support
  • User selectable Time zone
 

Agerwaze

New Member
Been following this thread as I'm looking for a new, more secure router. The Gryphon looks interesting, thanks for all the info. There actually doesn't seem to be much detail about the product anywhere else.

I'm currently with an ISP in the UK that doesn't provide support for configuring their equipment in 'modem only mode', so I would be forced to set up the Gryphon in bridge mode, i.e. switch off DHCP and WiFi broadcast in my current router and hook the Gryphon downstream.

Would this setup have any disadvantages in terms of security or functionality?
 

Slyguy

Level 40
> Been following this thread as I'm looking for a new, more secure router. The Gryphon looks interesting, thanks for all the info. There actually doesn't seem to be much detail about the product anywhere else.
>
> I'm currently with an ISP in the UK that doesn't provide support for configuring their equipment in 'modem only mode', so I would be forced to set up the Gryphon in bridge mode, i.e. switch off DHCP and WiFi broadcast in my current router and hook the Gryphon downstream.
>
> Would this setup have any disadvantages in terms of security or functionality?

No clue, I'd reach out to Gryphon directly and ask this question.

Gryphon support is very good IMO. I read a review where the guy claimed Gryphon's lead engineer flew out to his home to examine why Gryphon wouldn't work as expected in his environment. Crazy! I know they sent me a debug unit because I was having some strange issues which we eventually pinned on the ISP. Gryphon was not liking some HTTPS intercepts my ISP was doing, and once we revealed their activity it magically turned off that day at my ISP.

So they do go above and beyond.
 

Agerwaze

New Member
As an update to this for anyone in a similar situation:

I had, in fact, reached out to Gryphon a few days ago but didn't get a definitive answer about whether there would be a downside to using the router in 'bridge mode'. I did however manage to catch someone online today on their live chat and it was confirmed that the Gryphon would work in the configuration outlined above and that there would be no loss of features or security.

So I'll be buying one of these in the next few days :)
 

Agerwaze

New Member
Out of stock in the UK but Gryphon has kindly offered to send a US model. @Slyguy would be awesome to get a rundown of settings that you recommend for hardening if you get a few spare minutes.

In conversation with Gryphon, I mentioned the existence of this thread and recommended they add more technical info to their website.

After asking a couple of questions, I was also informed:

1) Intrusion detection products like Fingbox and Firewalla are probably superfluous if you already own a Gryphon, since it performs those functions inherently.

2) As Slyguy already mentioned, the protection against new devices joining is immune to MAC spoofing. This feature was an important factor in my buying decision so I did ask whether there were other ways to get around this for someone with technical skills. They avoided answering this question, presumably (and understandably) for security reasons. But it does make me less confident in that function now.
 

esoteric24

Level 1
Met John at RSA. Very nice guy. One thing that was brought to my attention is that you cannot use Cloudflare DNS with the router. It has been brought to his attention and he's working on a fix. He looked at my settings; I'm trying as an admin with no restrictions.

 
Hi,

My situation is that I have a team of good hackers constantly prying my defenses. I test and investigate security. I put in a new defense, and they prod it and try to bypass it. In this situation sometimes it could be a week before I detect the abnormality. And they can program. So this is a so-called targeted attack.

Would Gryphon's machine learning intrusion prevention not work for me? It would see the command n control traffic and assume it is normal. This kind of abnormality detection is not a new thing, and all of them require a period of 'learning' time to establish a baseline. Does this feature have a basic baseline of its own, before I turn on learning mode? So that it could detect the C&C? In other words, it has to take on the 'assume compromised' stance, instead of 'everything is OK until I see something different'.
 
I just chatted with Gryphon support online. The person said that Intrusion Protection is for IoT, non-computer devices. ESET handles PCs.

Might as well just buy ESET as the ESET employee said above somewhere. But Gryphon protects all PCs connected, so that's something to consider.
 

blackice

Level 1
Very tempted to get one of these when my ASUS dies. I was selling the features to my wife and she was pretty on board. Unless ASUS ups their firmware game this may be the way to go. Hard to abandon Merlin’s help, though. I like the built for security from the ground up approach, as opposed to the whack-a-mole with other firmwares.
 

blackice

Level 1
One other thing I noticed with this router is that they only recently added UPnP functionality. Hopefully this means they waited until they had a proper implementation that was secure. It would be nice to own a router that didn’t pop up in the news (such as UPnProxy) without clarity on vulnerability.
 

yarr

Level 2
I have been looking at the Fingbox and Bitdefender router so far but this is interesting. I want some way to protect my network when I add a device that may be already infected, or a way to completely isolate computers from one another and maintain internet. I like that Fingbox can be connected to the router I already have but this looks really promising.

I wanted to edit my previous post but it won't let me. Does Gryphon also have protection against WiFi attacks like Fing? If it does, how is it different? I tried looking it up but didn't find anything. I'll look again, and how do you edit mobile posts? lol
 

Slyguy

Level 40
> Hi,
>
> My situation is that I have a team of good hackers constantly prying my defenses. I test and investigate security. I put in a new defense, and they prod it and try to bypass it. In this situation sometimes it could be a week before I detect the abnormality. And they can program. So this is a so-called targeted attack.
>
> Would Gryphon's machine learning intrusion prevention not work for me? It would see the command n control traffic and assume it is normal. This kind of abnormality detection is not a new thing, and all of them require a period of 'learning' time to establish a baseline. Does this feature have a basic baseline of its own, before I turn on learning mode? So that it could detect the C&C? In other words, it has to take on the 'assume compromised' stance, instead of 'everything is OK until I see something different'.

As for the IPS, while it works for IoT, you can assign PCs to an IoT category and get the IPS benefit if you have sufficient protection on the endpoint for AV/Web Filtration.

For hardening, I like to make hardened groups. For example my most hardened group on Gryphon is NO WAN ACCESS. Anything in this group simply cannot talk outside of the LAN. I reserve this for printers, security cameras, etc.

The second thing I do is 'Limited WAN' for devices that need to communicate via the WAN but only at specific times. For example my TiVo units only need to connect from around 2AM-4AM, so I determined the 'exact' time they update themselves, and block all other times in this group.

The third category I have is 'Nightly Off'; these are devices I want to kill access to automatically at night. Usually these are Windows PCs, Tablets, Kindles. After 1AM they are blocked from WAN until 7AM.

By creative use of user groups, time permissions, and other things Gryphon offers some extra security above and beyond what it already offers.
 

Brakks

New Member
@Slyguy

Is it possible to connect a Synology NAS to the Ethernet ports and access the NAS (or an Apple TimeCapsule etc.) in the home network (like any other router can)?

Any news regarding the VPN (NordVPN) function?

I am thinking about buying the router and hope that it will be actively developed.

Thanks.
 

Kubla

Level 6
> @Slyguy
>
> Is it possible to connect a Synology NAS to the Ethernet ports and access the NAS (or an Apple TimeCapsule etc.) in the home network (like any other router can)?
>
> Any news regarding the VPN (NordVPN) function?
>
> I am thinking about buying the router and hope that it will be actively developed.
>
> Thanks.

I have the Synology DS218+ on mine, mostly for backing up two systems on my home network. Works great.
 

blackice

Level 1
Is it possible to turn off admin access from the WAN? I tried to skim back through this thread, and don’t remember seeing a comment on that.
 

Kubla

Level 6
> Great! What is your overall impression and how is the WiFi coverage?

Almost too strong. I get coverage as far away as the neighbors on the opposite side of the house from where the Gryphon is sitting, which means a lot of people see my WiFi.

Just make sure you use a strong access password.