Report a Network Security Incident at the University of Arizona

• UA Community
  UA Community members wishing to report a security incident should contact their IT support group first -- please see below.
  
  
• Information Security Office's Incident Reporting web form
  Submit abuse complaints regarding devices on the UA network using the web form. For non-emergencies, the target response time to email or the web form is less than one business day, but the actual response time is typically considerably faster.
  
  
• UA Network Managers and IT Staff
  
  
• ISPs, NOCs and Security Teams
  
  

Please note that reports and samples of phishing or spam from University of Arizona affiliates should be sent with full headers to:

abuse@email.arizona.edu

 

We do not handle third party spam/phishing complaints where no University of Arizona systems or users are involved.

 

Information regarding obtaining full headers can be found at:

 

www.spamcop.net/fom-serve/cache/19.html

---

University of Arizona affiliates should contact their IT support group first for security incidents, and your IT support group can then decide if it is something which it will handle or should involve SecOps. We are requesting that incidents go through the proper IT support groups first since we would not be able to handle the volume of reports we would get otherwise, potentially involving day-to-day desktop operational issues such as forgotten passwords, application errors, email viruses being quarantined, and so on. Please note that we do not provide direct workstation/laptop remediation or direct technical support for desktop security applications, and such queries should also be directed to your IT support group.

 

• IT Support information
• Spam, Scams & Viruses

For situations which are a clear, on-going network security emergency and the appropriate IT support group cannot be reached, please call our NOC at (520) 621 7999, or SecOps at (520) 626 0100.

 

 

To top

---

Please note that reconnaissance scanning/probing is a *very* common event now, and does not constitute an emergency. If you are seeing scanning/probing hitting your end-points, you may wish to consider contacting us via email in order to 1) set up a network firewall for your department, 2) protect your department's subnets on the perimeter firewall, and 3) block the offending scanning IP address on the perimeter firewall

 

Response time to email or the web form is less than one business day, but the response time is typically considerably faster.

• Fill out a Security Operations Service Request form, or
• Information Security Office's Incident Reporting web form

• SecOps call (520) 626 0100
  
  
• NOC call (520) 621 7999 (24/7 support)
  For calls to NOC, clearly identify which organization you are with, your responsibility (ie, network engineer) within your organization, a phone number and email address which you can be reached at, the IP addresses (and MAC addresses if available) involved, and the type of incident which is occurring.

To top

---

For external Internet Service Provider security teams or NOCs that wish to report emergencies involving our network, such as ongoing attack against your network originating from our network, you can call SecOps (see below). Please note that external entities should call for emergencies only, and should use email or the web form for most abuse complaints.

 

Response time to email or the web form is less than one business day, but the response time is typically considerably faster.

• Information Security Office's Incident Reporting web form
• Or email abuse@arizona.edu

• SecOps call (520) 626 0100
  
  
• NOC call (520) 621 7999 (24/7 support)
  For calls to NOC, clearly identify which organization you are with, your responsibility (ie, network engineer) within your organization, a phone number and email address which you can be reached at, the IP addresses (and MAC addresses if available) involved, and the type of incident which is occurring.

To top