Incident response

DKCERT responds to security incidents on the Danish national research and education network.

A security incident may involve, for example, a virus outbreak, a hacker attack or a denial-of-service attack. DKCERT responds to two types of incidents: outside incidents aimed at forskningsnettet (the Danish national research and education network) and incidents originating on forskningsnettet aimed at other networks.

Outside incidents

Institutions on forskningsnettet experiencing an attack may contact DKCERT and provide information about the IP address where the attack seems to have originated.

DKCERT contacts the originating network and asks its operators to respond to the incident.

Incidents originating on forskningsnettet

Computers on forskningsnettet may generate malicious traffic, for example due to malware infections. When this traffic reaches other computers on the internet, their administrators contact DKCERT, which serves as the abuse contact for all IP addresses on forskningsnettet. DKCERT contacts the institution responsible for the IP address in question and asks the operators to respond to the incident.

DKCERT coordinates the information between the parties involved in an incident and external entities, such as foreign response teams or the police. DKCERT has a consulting role.

DKCERT may protect the identity of the parties involved. Communication may be encrypted to ensure confidentiality.

Consulting and analytical services

DKCERT provides consulting services about possible threats and may help analyze, for example, log files in order to identify an attack method.

DKCERT also warns institutions about potentially vulnerable systems found by external partners scanning the internet.

Reporting an incident

You may report a security incident via e-mail: