Ricoh SMB scanning with end-to-end encryption

  • PrintWhisperer
    Trusted Tech

    250+ Posts
    • Feb 2018
    • 465

    #31
    Re: Ricoh SMB scanning with end-to-end encryption

    There is one setting that can affect SMB and that is the Port used.

    I tend to forget because most people use Port 445, which is pure TCP, but if you use Port 139 then it involves the very insecure NetBIOS protocol for name resolution, among other things.

    Port 445 requires an internal DNS address to resolve Hostnames in order to work properly.

    Not only do I use Port 445 but I often disable NetBIOS as well.

    Good luck!
    "Being ignorant is not so much a shame, as being unwilling to learn" - Benjamin Franklin


    • tonerhead
      Senior Tech

      500+ Posts
      • Sep 2009
      • 582

      #32
      Re: Ricoh SMB scanning with end-to-end encryption

      As a follow-up to this thread: I finally got MotherF Ricoh to make a statement on this situation. By my own research also, this appears to be why the Ricoh fails. Pure SMB 3.0 will not work; what is needed is SMB 3.1.1. It appears that SMB 3.0 will send username/password in cleartext, then send the data encrypted. SMB 3.1.1 sends username/password in a SHA-512 hash (ciphertext), then sends data encrypted. Kyocera has this ability, Ricoh does not. MotherF Ricoh will come out with it first quarter of 2022.

      Wiki snippet

      SMB 3.1.1

      SMB 3.1.1 was introduced with Windows 10 and Windows Server 2016.[41] This version supports AES-128 GCM encryption in addition to AES-128 CCM encryption added in SMB3, and implements pre-authentication integrity check using SHA-512 hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB 2.x and higher.



      C'mon MotherF Ricoh, it's only been out for 5 years now and you are just getting around to it? In the past I have had Ricohs fail SMB scanning for unknown reasons to servers also. This is probably why, because they were mandating SMB 3.1.1.
      I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


      Especially when it comes to sex


      • PrintWhisperer
        Trusted Tech

        250+ Posts
        • Feb 2018
        • 465

        #33
        Re: Ricoh SMB scanning with end-to-end encryption

        Originally posted by tonerhead
        As a follow-up to this thread: I finally got MotherF Ricoh to make a statement on this situation. By my own research also, this appears to be why the Ricoh fails. Pure SMB 3.0 will not work; what is needed is SMB 3.1.1. It appears that SMB 3.0 will send username/password in cleartext, then send the data encrypted. SMB 3.1.1 sends username/password in a SHA-512 hash (ciphertext), then sends data encrypted. Kyocera has this ability, Ricoh does not. MotherF Ricoh will come out with it first quarter of 2022.

        ...
        SMB 3.1.1 was introduced with Windows 10 and Windows Server 2016.[41] This version supports AES-128 GCM encryption in addition to AES-128 CCM encryption added in SMB3, and implements pre-authentication integrity check using SHA-512 hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB 2.x and higher.

        Great work and research with new protocol requirements and thanks for the heads up! This is the kind of thing I usually have to find out with a Wireshark. I have yet to run into anything above SMB 2(wildcard) and '3' series only support up to SMB 3.0 so I think only '4' series would work.

        Kyocera 4 series have updated protocols, but the '3' series Cipher levels for SHA hash (in TLS) is maxed at 384 not 512 (there are no SMB cipher settings seen in 3 series it's a simple ON/OFF) so current devices might have issues with 3.1.1.

        I need to go Wireshark a '4' series
        "Being ignorant is not so much a shame, as being unwilling to learn" - Benjamin Franklin


        • rthonpm
          Field Supervisor

          2,500+ Posts
          • Aug 2007
          • 2848

          #34
          Re: Ricoh SMB scanning with end-to-end encryption

          Other than Wireshark, you can also audit SMB connections to a server using PowerShell. The cmdlet and pipe to use is: Get-SMBSession | Select Dialect,ClientComputerName,ClientUserName

          This will give you the SMB version used, the name or IP of the computer connecting to the server, and the username making the connection. For an MFP, you generally need it to be in the process of sending a file to see it connect.

          Sent from my BlackBerry using Tapatalk
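
The audit described in post #34, extended into a short watch loop for the file server (an added example, not part of the original posts). It polls Get-SmbSession while a scan is being sent and flags any session that negotiated a dialect below SMB 3.1.1; the variable names and the 120-second window are assumptions made for this sketch.

```powershell
# Added example: run in an elevated PowerShell on the server that receives the scans.
# $WatchSeconds, $PollSeconds and $MinDialect are hypothetical names for this sketch.
$WatchSeconds = 120                 # how long to watch while the MFP sends a test scan
$PollSeconds  = 2                   # MFP sessions are short-lived, so poll often
$MinDialect   = [version]'3.1.1'    # dialect the thread says the server demands

# Server-side settings that decide whether an older or unencrypted client is refused.
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess, EnableSMB1Protocol, EnableSMB2Protocol |
    Format-List

$seen     = @{}
$deadline = (Get-Date).AddSeconds($WatchSeconds)

while ((Get-Date) -lt $deadline) {
    foreach ($s in Get-SmbSession) {
        # Record each client/user/dialect combination once.
        $key = '{0}|{1}|{2}' -f $s.ClientComputerName, $s.ClientUserName, $s.Dialect
        if (-not $seen.ContainsKey($key)) {
            $v = $s.Dialect -as [version]   # $null if the string does not parse
            $seen[$key] = [pscustomobject]@{
                FirstSeen    = Get-Date
                Client       = $s.ClientComputerName
                User         = $s.ClientUserName
                Dialect      = $s.Dialect
                BelowMinimum = ($null -eq $v -or $v -lt $MinDialect)
            }
        }
    }
    Start-Sleep -Seconds $PollSeconds
}

# Summary: every session seen during the window, oldest first.
$seen.Values | Sort-Object FirstSeen | Format-Table -AutoSize
```

A device that fails before a session is established will not appear in this output, so an empty result during a failed scan points back to a packet capture.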
