IRIS-CERT
			         RedIRIS
                       Incident Reporting Form

The RedIRIS' security service (IRIS-CERT) has developed this form for 
helping you to gather incident information. 
If you believe you are involved in an incident, we would appreciate your 
completing the form below. This helps us to avoid delays in the incident handle.

We keep any information specific to your site
confidential unless we receive your permission to release that
information.

CONTACT INFORMATION:
IRIS-CERT
Dep. RedIRIS
Entidad Pública Empresarial Red.es
Edificio Bronce - 2a planta -
Plaza Manuel Gómez Moreno, s/n
28020 Madrid
España

Tel:    (+34) 607 156313
Mobile: (+34) 607 156313
Fax:    (+34) 91 556 88 64

Email: cert@rediris.es
WWW Server: http://www.rediris.es/cert/

Please, contact us if you have any comment or feedback.
Thank you in advance.
IRIS-CERT

==============================================================================
Submit this form to cert@rediris.es
If you are unable to send email, fax this form to: +34 91 556 8864

1.- CONTACT INFORMATION
	Organization name:
	Organization domain:
	Name of the department, center, etc.. (optional):
	Contact person name for this incident:
	E-mail address (indispensable):
	Telephone/Fax number:
	PGP Public Key (recommended):
	Other:

2.- AFFECTED MACHINES (Please, duplicate for each affected host)
	Host name:
	IP address:
	Timezone:
	Are the machine NTP synchronized? (Yes/No):
	Operative System and version:
	Security patches recommended from verdors and/or CERT/CC (Yes/No): 
	Additional information (open services, security measures,
	 purpose of the host, etc..):
	
3.- SOURCE MACHINES
(Please, duplicate for each of the source of the attack)
	Host name:
        IP address:
	Been in contact? (Yes/No):
	Aditional information:

4.- DESCRIPTION OF THE INCIDENT
	Please, include  dates, methods of intrusion, intruder tools 
	involved, intruder tool output, details of vulnerabilities 
	exploited, or any other relevant information:

	Do you know if your machine has been used to launch attacks to other
	machines? (Yes/No):	
	If Yes, duplicate this information for each target machine:
	Host name:
        IP address:
	Aditional information:

	Please, send us any log file, e-mail message and file that could help 
	to handle the incident.

5.- INFORMATION RELEASE
	Would you mind we to release this information with:
		- The network(s) involved in this incident? (Yes/No)
		- Other CERTs working in the same incident? (Yes/No)
	Comments:

Adapted with permission of the CERT(R) Coordination Center from their
copyrighted incident reporting form.
https://www.cert.org/reporting/incident_form.txt