Question About Most Recent Firmware and SMB

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Happy Copier
    Technician
    • Mar 2019
    • 45

    Question About Most Recent Firmware and SMB

    My company has a full fleet of Kyocera copiers and we have been using scan to folder with SMBv1. Our domain controllers got updated recently and that disabled SMBv1 across our network. We are wanting to continue scanning to folder, but we aren't turning SMBv1 back on. We read that our copiers should be offering Version 2 and Version 3 of SMB. The majority of our copiers are 3540's and 3040's, and a few 3645s. We are reading that if we have Version 5 or greater firmware that we should have the capability to scan using SMBv2 or SMBv3. We are being told by our copier company that our copiers have the most recent version of the firmware, but in the protocol menu it only offers one version of SMB. Plus, when we look at our copiers listed and the firmware in each we see the firmware version starting with a "2". They gave us a thumbdrive with the most recent firmware on it and we looked at the individual files are seeing seeing dates that are not recent. I'm hoping there's someone here that can confirm we've got the most recent firmware and or not. We are desperately needing SMBv2 or better.

    Thanks for any help!!
    Attached Files
  • ntbann
    Senior Tech

    500+ Posts
    • Jan 2012
    • 618

    #2
    Re: Question About Most Recent Firmware and SMB

    2NY_2000. 007.301 is current.

    Comment

    • eddie110171
      Service Manager

      100+ Posts
      • May 2012
      • 133

      #3
      Re: Question About Most Recent Firmware and SMB

      SMBv2/SMBv3 was added in ECOSYS M3540idn Combined firmware 11/16 which was Main 2NM_2000.005.010 version 005.010

      Comment

      • Happy Copier
        Technician
        • Mar 2019
        • 45

        #4
        Re: Question About Most Recent Firmware and SMB

        Thank you for your replies. Then I'm not understanding why we aren't seeing the option of the different SMB versions. In the protocols it just says "SMB". in the SNMP settings you see the different versions of it, but not in SMB. In the other attached picture you can see the firmware version and it appears to me that it's a newer version than the one where the new versions of SMB were added. Once again thanks for your help!!
        Attached Files

        Comment

        • copier tech
          Field Supervisor

          5,000+ Posts
          • Jan 2014
          • 7980

          #5
          Re: Question About Most Recent Firmware and SMB

          Originally posted by Happy Copier
          Thank you for your replies. Then I'm not understanding why we aren't seeing the option of the different SMB versions. In the protocols it just says "SMB". in the SNMP settings you see the different versions of it, but not in SMB. In the other attached picture you can see the firmware version and it appears to me that it's a newer version than the one where the new versions of SMB were added. Once again thanks for your help!!
          The SMB v2.0 option might be under the network security tab ?
          Let us eat, drink, and be merry, because tomorrow we may die!

          For all your firmware & service manual needs please visit us at:

          www.copierfirmware.co.uk - www.printerfirmware.co.uk

          ​

          Comment

          • Happy Copier
            Technician
            • Mar 2019
            • 45

            #6
            Re: Question About Most Recent Firmware and SMB

            Originally posted by copier tech
            The SMB v2.0 option might be under the network security tab ?

            Hey Copier Tech, man I looked all through the Network Security Tab and I'm not seeing it. I have looked these copier menus over a few times....

            Thanks for helping

            Comment

            • tmaged
              Owner/Service Manager

              Site Contributor
              1,000+ Posts
              • Oct 2008
              • 1818

              #7
              Re: Question About Most Recent Firmware and SMB

              They have the latest firmware version and should support SMBv2/3. There is nothing to see or activate on the web page, or system menu in regards to the SMB version.
              Are you having trouble scanning ? If so, what is the error code ?
              Hope that helps !
              -Tony
              www.dtios.com
              Become a fan on Facebook

              Comment

              • dalewb74
                Service Manager

                Site Contributor
                1,000+ Posts
                • Feb 2018
                • 1080

                #8
                Re: Question About Most Recent Firmware and SMB

                ever tried setting up scanning using ftp server? i always use filezilla server for kyocera scanning? don't know if that is an option for you. or are you familiar with kyocera print center from the microsoft store?

                Comment

                • Happy Copier
                  Technician
                  • Mar 2019
                  • 45

                  #9
                  Re: Question About Most Recent Firmware and SMB

                  Originally posted by dalewb74
                  ever tried setting up scanning using ftp server? i always use filezilla server for kyocera scanning? don't know if that is an option for you. or are you familiar with kyocera print center from the microsoft store?
                  I work for a banking institute and I don't think using an FTP server would be considered the most safe way to send information. We're trying to be as secure as possible for audits. Thanks for your suggestion though

                  "Additionally, federally compliant organizations or networks can’t use FTP because of its lack of security. In fact, in 2017, the FBI issued a notice and warning about the potential for data breaches in the healthcare system for organizations using FTP. "

                  Comment

                  • PrintWhisperer
                    Trusted Tech

                    250+ Posts
                    • Feb 2018
                    • 437

                    #10
                    Re: Question About Most Recent Firmware and SMB

                    Because we see options to turn off versions of TLS we sometimes think it should exist for SMB as well, but SMB works differently.* At least until the next upgrade where it gets wrapped in TLS but that's a future headache.

                    Kyocera devices DO NOT offer an option to 'turn off' different versions of SMB. While there are some reasons why one would want this option, it would be for Device-side SMB HOST share control. Kyocera devices do not have device side (incoming) SMB Host for files, only for printing via the default NetBIOS printer share for peer-to-peer printing. Because NetBIOS employs SMBv1 mechanisms, it may register SMBv1 traffic on a security scan and need to be turned off. Actually NetBIOS should be turned off for any environment when it is not specifically required and will be with the '4' Series Network Security level 2 and 3 setting.



                    As for Scan to folder via SMB, the MFP acts as the Client and the Shared Folder is on the Host. As you have seen with your Server, the Host controls the version to be used. The Client (MFP) presents a list of ALL the versions of SMB (known as dialects) to the Host, and the Host decides which version it will allow.

                    Below is my stock Wireshark screenshot of the Client Hello packet where this list is presented from the MFP (client) to the Server(host). This is a common point of confusion and I have had this discussion dozens of times.

                    Lastly as you see in the screenshot, Kyocera MFP's will present ALL versions from NTLM 0.12 (NT Lan Manager or SMB1) up to SMB 2/3 when supported firmware is installed.

                    Under the old firmware, on a server with SMBv1 turned off, a device presenting a Client Hello packet with only SMBv1 dialect would receive an immediate TCP reset and be disconnected with a send error code 'failure to connect to server.'

                    Using Wireshark and looking at the Client Hello packet is the only definitive way of seeing what 'versions' (dialects) the MFP supports:






                    * TLS exploits used 'down-versioning' to renegotiate connections to less secure versions with weak encryption so any Client with lower TLS versions enabled would be refused, hence the 'Disable TLS 1.0/1.1' thing recently. These mechanisms are not in SMB (right now) and the protocol is not used for the same purposes.
                    Last edited by PrintWhisperer; 07-28-2023, 03:05 AM.
                    "Being ignorant is not so much a shame, as being unwilling to learn" - Benjamin Franklin

                    Comment

                    Working...