US-CERT Incident Reporting System

Here are some resources if your cyber resources have been breached. Note that the form does not use CAPTCHA at all.

US-CERT Incident Reporting System (their head Randy Vickers quit last week)

https://forms.us-cert.gov/report/

Using the US-CERT Incident Reporting System

In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are labeled “Required”. As always, we will protect your sensitive information. This web site uses Secure Sockets Layer (SSL) to provide secure communications. Your browser must allow at least 40-bit encryption. This method of communication is much more secure than unencrypted email.
Section: Reporter’s Contact Information
First Name (Required)
Last Name (Required)
Email Address (Required)

Please re-enter for verification

Telephone number (Required)
Are you reporting as part of an Information Sharing and Analysis Center (ISAC)?   No, this is not an ISAC report  

Chemical

Electricity

Emergency Fire Services

Energy

Financial Services (FS)

Food and Agriculture

Information Technology (IT)

Maritime

Multi-State (MS)

National Monuments and Icons

Postal and Shipping

Public Health

Real Estate

Research and Education

State CIO

Surface Transportation

Telecom

Trucking

Water

Other

What type of organization is reporting this incident? (Required)   Please select  

Federal Government

State/Local Government

Commercial sector

Foreign Sector

Private Sector

What is the impact to the reporting organization? (Required)   Please select  

Unknown

None

Minimal

Low

Medium

High

What type of followup action are you requesting at this time? (Required)   Please select  

None

Contact

Forward

Describe the current status or resolution of this incident. (Required)   Please select  

Occurring

Contained

Occurred

Future Threat

Unknown

From what time zone are you making this report? (Required)   Please select a time zone  

(GMT-12:00) Enewetak, Kwajalein

(GMT-11:00) Midway Island, Samoa

(GMT-10:00) Hawaii

(GMT-09:00) Alaska

(GMT-08:00) Pacific Time (US & Canada) Tijuana

(GMT-07:00) Arizona

(GMT-07:00) Mountain Time (US & Canada)

(GMT-06:00) Central Time (US & Canada)

(GMT-06:00) Mexico City, Tegucigalpa

(GMT-06:00) Saskatchewan

(GMT-05:00) Bogota, Lima

(GMT-05:00) Eastern Time (US & Canada)

(GMT-05:00) Indiana (East)

(GMT-04:00) Atlantic Time (Canada)

(GMT-04:00) Caracas, La Paz

(GMT-03:30) Newfoundland

(GMT-03:00) Buenos Aires, Georgetown

(GMT-03:00) Rio de Janeiro

(GMT-02:00) Mid-Atlantic

(GMT-01:00) Azores, Cape Verde Is.

(GMT) Greenwich Mean Time; Dublin, Edinburgh, London

(GMT) Monrovia, Casablanca

(GMT+01:00) Berlin, Stockholm, Rome, Bern, Brussels, Vienna

(GMT+01:00) Lisbon, Warsaw

(GMT+01:00) Paris, Madrid

(GMT+01:00) Prague

(GMT+02:00) Athens, Helsinki, Istanbul

(GMT+02:00) Cairo

(GMT+02:00) Eastern Europe

(GMT+02:00) Harare, Pretoria

(GMT+02:00) Israel

(GMT+03:00) Baghdad, Kuwait, Nairobi, Riyadh

(GMT+03:00) Moscow, St. Petersburg

(GMT+03:30) Tehran

(GMT+04:00) Abu Dhabi, Muscat, Tbilisi, Kazan, Volgograd

(GMT+04:30) Kabul

(GMT+05:00) Islamabad, Karachi, Sverdlovsk, Tashkent

(GMT+06:00) Alma Ata, Dhaka

(GMT+07:00)  Bangkok, Jakarta, Hanoi

(GMT+08:00) Beijing, Chongqing, Urumqi

(GMT+08:00) Hong Kong, Perth, Singapore, Taipei

(GMT+09:00) Tokyo, Osaka, Sapporo, Seoul, Yakutsk

(GMT+09:30) Adelaide

(GMT+10:00) Brisbane, Melbourne, Sydney

(GMT+10:00) Guam, Port Moresby, Vladivostok

(GMT+10:00) Hobart

(GMT+11:00) Magadan, Soloman Is., New Caledonia

(GMT+12:00) Fiji, Kamchatka, Marshall Is.

(GMT+12:00) Wellington

What is the approx time the incident started? (localtime)
[Date and time selector: month (January to December), day (01 to 31), year (2009 to 2011), hour (00 to 23), minute (00 to 59)]

When was this incident detected? (localtime)
[Date and time selector: month (January to December), day (01 to 31), year (2009 to 2011), hour (00 to 23), minute (00 to 59)]

Section: Incident Details
Please provide a short description of the incident and impact (Required)
How many systems are impacted by this incident?
(Leave blank if Unknown)
How many sites are impacted by this incident?
(Leave blank if Unknown)
Was the data involved in this incident encrypted?   N/A  

Unknown

Yes

No

Was critical infrastructure impacted by this incident?   N/A  

Unknown

Yes

No

What was the primary method used to identify the incident   Unknown  

3rd Party

Administrator

AntiSpyware Software

AntiVirus Software

IDS

Log Review

US-CERT Einstein Program

US-CERT IDS Signature or Tip

User

Other

If available, please include 5-10 lines of time-stamped logs in plain ASCII text (e.g., CSV).

 

 

Impacted User Contact Information
Please complete this section if someone is impacted by this incident other than you, the reporter. Please provide as much information about the impacted contact as possible in the fields below.
First Name
Last Name
Email Address
Telephone number
What type of organization is impacted by this incident?   Unknown  

Federal Government

State/Local Government

Commercial sector

Foreign Sector

Private Sector

If known, what is the impacted organization’s incident tracking number for this issue?
If known, What is the impact to the impacted organization?   Unknown  

None

Minimal

Low

Medium

High

 

 

Victim and Attacker Host IP Information
If known, please enter the relevant protocol (HTTP, SMTP, etc.) used in the attack.
Section: Victim Host Information
If known, what is the primary purpose(s) of the victim host system? [Check all that apply]
Application Server Blackberry/PDA/Mobile Agent Database Server Domain controller Domain Name Server (DNS)
File Server Firewall Laptop Mail server Printer
Proxy Server Router Server Switch Time server
Unknown Web server Workstation Other
What Anti-virus software is installed on the victim system?   Unknown  

None

Bit Defender

Computer Associates

McAfee Enterprise

McAfee Virus Scan

Norton AntiVirus

Symantec Corporate Edition

Provide any additional description of victim system that may be helpful.
If known, please enter the victim’s IP address in dotted decimal format (e.g., 192.168.10.1).
If known, please select the subnet mask (CIDR notation as a numeric value from 1 to 32) of the victim system.
If known, please identify any ports involved in the attack from the victim’s point of view.
Example: 23,25,60-90,1024-
Please enter any additional notes about the victim system that may be helpful.
What is the operating system of the victim computer?   Unknown  

Apple Mac OS X

Apple Mac OS 9.1 or earlier

Cisco ISO

Fedora

FreeBSD

GenToo

HP/UX

IBM AIX

Mandrake Linux

NetBSD

Novell

OpenBSD

Red Hat Linux

SCO Unix

SGI Irix

Slackware Linux

Sun Solaris

SuSE

VMS

Windows 3.x

Windows 9x/Me

Windows NT 3.5.1

Windows NT 4.0

Windows 2000 Professional

Windows 2000 Server (any)

Windows XP

Windows 2003 Server

Windows Vista

Other

Section: Attacker Host Information
If known, what is the primary purpose(s) of the attacker host system? [Check all that apply]
Application Server Blackberry/PDA/Mobile Agent Database Server Domain controller Domain Name Server (DNS)
File Server Firewall Laptop Mail server Printer
Proxy Server Router Server Switch Time server
Unknown Web server Workstation Other
What Anti-virus software is installed on the attacker system?   Unknown  

None

Bit Defender

Computer Associates

McAfee Enterprise

McAfee Virus Scan

Norton AntiVirus

Symantec Corporate Edition

Provide any additional description of attacker system that may be helpful.
If known, please enter the attacker’s IP address in dotted decimal format (e.g., 192.168.10.1).
If known, please select the subnet mask (CIDR notation as a numeric value from 1 to 32) of the attacker system.
If known, please identify any ports involved in the attack from the attacker’s point of view.
Example: 23,25,60-90,1024-
Please enter any additional notes about the attacker system that may be helpful.
What is the operating system of the attacking computer?   Unknown  

Apple Mac OS X

Apple Mac OS 9.1 or earlier

Cisco ISO

Fedora

FreeBSD

GenToo

HP/UX

IBM AIX

Mandrake Linux

NetBSD

Novell

OpenBSD

Red Hat Linux

SCO Unix

SGI Irix

Slackware Linux

Sun Solaris

SuSE

VMS

Windows 3.x

Windows 9x/Me

Windows NT 3.5.1

Windows NT 4.0

Windows 2000 Professional

Windows 2000 Server (any)

Windows XP

Windows 2003 Server

Windows Vista

Other

 

 

Author: Ajay Ohri

http://about.me/ajayohri
