Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: How and when to contact the Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
How and when to contact the Internet Storm Center

One of the best ways to contact us is via our 'Contact Us' page here. Please feel free to upload documents, logs, malware, packets, or other files of interest. We operate 24/7 and have volunteers from around the planet. We do attempt to reply to email we receive. When we do, please cc the handlers email address to keep everyone in the loop. Replies with the same subject line will also keep tracking numbers in place making thread review simpler.

We at the Internet Storm Center tend to receive a fair amount of email. The messages fall into a number of categories, the list is not all inclusive.

Things we LOVE to hear, in some way related to InfoSec:

- Intel about new or emerging threats.
- Anything new or unknown.
- Information about ongoing incidents, with as much detail as possible.
- Follow-up on diaries or emails with additional details, suggestions, theories etc...
- New or evolving malware.
- Interesting packets.
- Phishing sites and takedown requests.
- Outages, particularly if you can tell us why it went down.
- New tools or technieques.
- Generally interesting security related stuff.
- Humor.
- Kudos.
- Have I mentioned interesting stuff?

Things we don't know what to do with:

- Hello, is this the helpdesk for the entire Internet?
- Requests for a full refund (BTW the Internet Storm Center is free).
- Marketing or PR types complaining about something we wrote about their product, without providing any verifiable factual content.
- Really strange messages that defy description.
- Spam, yes our inbox receives spam. Talk about a good way to get blackholed or filtered.


- Email that should go to SANS addresses, such as for course related questions. Although we do forward them on there is a delay in getting a response.

Before you send us anything falling into the second category take a moment to reflect on what we do here at the Internet Storm Center, and the fact that we are an international and rather diverse (if not eclectic) group of volunteers. You may want to check out our 'About us' page here. In short, we are a bunch of security geeks that give up their time to write about issues we see as being relevant. Not all diary entries are relevant to all readers, such as this one.

Bottom line is that we want to know if a anyone sees something new and it appears to be security related.  The best thing we provide is fusion of incidents reported by people (rather than by computers) and the ability to rapidly publish a set of ideas and analysis.  Packets are always good, plus malware. Also websites hosting new or particularly evil malware (scripts, etc...)

Anything sent in is treated with the highest confidentiality, we do respect the labels and restrictions placed on disclosure of your employer, email address, name, or content.

One last note, it is worth mentioning that we would rather not discourage email, quite the contrary. If in doubt please feel to let us know what is going on. We really could not do our jobs without input from you. Thanks for letting me vent.

Adrien de Beaupré

I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - Pen Test HackFest 2020

Adrien de Beaupre

353 Posts
ISC Handler
Mar 4th 2008

Sign Up for Free or Log In to start participating in the conversation!