ISP Throttling

[Rick Soignoli 0]

I have have had 3 different CCTV systems that have Comcast as an ISP recently, after years of no issues, suddenly start having issues.  All three are in restaurants and the POS system started struggling processing credit cards and other network issues.  The managers reached out to the POS vendor and replaced varies parts.  Nothing worked and to make sure the camera systems weren't the issue they unplugged the cameras from the network and everything worked great.  Again these are 3 different DVR manufactures. They have been unplugged for weeks with no issue but we have no access from outside for the cameras now.  I have also witnessed this with a convenient store, Comcast ISP and the network stopped processing credit cards until the camera system was unplugged.

 

Has anyone else had similar experiences?  Any workarounds?  

 

Thanks,

Rick

 

[tomcctv 187]

Hi what part of the world are you in 

 

this is something you need to act on fast 

pos should not be going through a basic internet connection …. Basically your not protecting your customer’s information 

can you also name the makes of recorders you have and the app you use

if you have used the qr code or P2P setup then your firewall has been disabled and this is a security risk to you and your customers

 

Your restaurants networks need to be made secure and one way is using a managed switch….. to be used on everything but your cctv … which always stay separate 

[Rick Soignoli 0]

I am in New England.  I know that credit cards need to be protected.  They have their own firewall and protection.  Their Firewall and my cameras both plug into the Comcast gateway.  I don't use the QR code or P2P i connect using port forwarding.  They are Everfocus, and Magic DVRs.  

[Conor 0]

This sounds like your cameras are either hacked or being streamed 24/7, that would max out your uplink and hence the POS is struggling.

I would run a tcpdump on the traffic from those DVRs to work out if its a hack or your owner is streaming from them.

In future access your DVRs not via the comcast ip or cloud but via a VPN, if you aren't used to VPNs then use an easy to deploy vpn via an i-spi from netcelero. (www.netcelero.com)

 

 

[Conor 0]

the only other obvious thing is to make sure that the NVRs and firewall are all on a private static ips outside the comcast dhcp pool, if one is static and another a dhcp, then you could have then overlapping and interfering with each other.

[Conor 0]

ISP throttle on the traffic so if your CCTV sytems aren't sending any info while connected then there would be no effect on the POS. It may be a recent upgrade of the firmware on the comcast router that say defaulted a LAN port to a WAN port. So i'd check the ports on the comcast in its config. I would also use a simple 5 port dumb switch to check each port.

Now there is one other thing i have seen in the past and that was where the ISP would only permit a single MAC address connected to its ISP modem, this was to stop internet sharing. So you can only have a single firewall connected etc. Comcast seem a bit big to do that though. You can test that with a single cheap tplink router between the ISP and the cameras and firewall etc.