※※ Below rules are only at Japanese.
English rules are under construction.
Rule lists
| rules | contents |
| Attack | |
| ATTACK/MS05-039 | Act Zotob worm attempted to infect internal networks against windows vulnerabilities |
| P2P | |
| P2P/BitTorrent Handshake | Request for connecting to P2P sharing software "BitTorrent" |
| P2P/FolderShare Login | Request for connecting by P2P sharing software "FolderShare" |
| P2P/Gnutella Client Connectiont | Request for connecting through Gnutella protocol. |
| P2P/Kazaa File Search 1 | Searching for files by Kazaa |
| P2P/Kazaa File Search 2 | Searching for files by Kazaa |
| P2P/Napster Login | Request for connecting with Napster |
| P2P/Share Connection | Request for connecting with Share |
| P2P/Skype http Connection | Request for connecting withSkype |
| P2P/Skype Login | Request for connecting withSkype |
| P2P/WinMX Request | Exchange files via P2P sharing software,"WinMX" |
| P2P/Winny | Request for connecting with P2P sharing software "Winny" |
| P2P/eDonkey2000 TCP Connection | Request for connecting by eDonkey2000 |
| P2P/eDonky File Request | Request for connecting by eDonkey |
| IM | |
| IM/AOL Instant Messenger Chat | Chatting through AIM (Instant Messenger) |
| IM/AOL Instant Messenger English | Sending messages through AIM(English) |
| IM/AOL Instant Messenger File Send | Sending files through AIM |
| IM/AOL Instant Messenger Japanese | Sending messages at Japanese through AIM |
| IM/AOL Instant Messenger Login | Logging in AIM |
| IM/MSN Messenger File Send | Sending files through MSNM |
| IM/MSN Messenger Login | Logging in log-in server for IM MSNM |
| IM/MSN Messenger Login Proxy | Logging in log-in server for IM MSNM through Proxy. |
| IM/MSN Messenger Login Socks | Logging in log-in server for IM MSNM through Socks. |
| IM/MSN Messenger Message Send | Sending messages through IM MSNM |
| IM/MSN Web Messenger Login | Logging in MSN Web Messenger |
| IM/MSN Web Messenger Message Send | Sending messages through MSN Web Messenger |
| IM/Yahoo! Messenger File Send | Sending files through Yahoo Messenger |
| IM/Yahoo! Messenger Login | Logging in Yahoo Messenger Network |
| IM/Yahoo! Messenger Login Proxy | Logging in Yahoo! Messenger Network through Proxy |
| IM/Yahoo! Messenger Message Send | Sending Message through Yahoo! Messenger |
| Worm | |
| WORM/CodeRed.A | Activity of infection by Machines with CodeRed |
| WORM/CodeRed.B | Activity of infection by Machines with CodeRed |
| WORM/Dcom Attempt | Attack to Microsoft Windows DCOM vulnerability or WORM Activity |
| WORM/LSASS | Attack to Microsoft Windows LSASS vulnerability or WORM Activity |
| WORM/SQL Slammer | SQL Slammer WORM activity. |
| WORM/Welchia AT/MS WebDAV | Welchia WORM activity or attack to WebDAV vulnerability on IIS 5.0 |
| VPN | |
| VPN/IPsec Connection | Request for connecting to external through IPSec |
| VPN/Open VPN TCP Connection | Request for connecting to VPN software"OpenVPN" |
| VPN/Open VPN UDP Connection | Request for connecting to VPN software"OpenVPN" |
| VPN/SoftEther Connection beta0.5 | Request for connecting to VPN software"OpenVPN" |
| VPN/SoftEther SSL Connection 1 | Request for connecting to VPN software"OpenVPN" |
| VPN/SoftEther SSL Connection 2 | Request for connecting to VPN software"OpenVPN" |
| VPN/SoftEther SSL Connection 3 | Request for connecting to VPN software"OpenVPN" |
| VPN/SoftEther SSL Connection 4 | Request for connecting to VPN software"OpenVPN" |
| VPN/SoftEther VPN 2.0 SSL Connection | Request for connecting to VPN software "SoftEther (Version2.0)" |
| VPN/TinyVPN | Request for connecting to VPN software "TinyVPN" |
| SPAM | |
| SPAM/Black List 1 | SPAM/Black list 1 |
| SPAM/Chatch 1 | SPAM/Chatch 1 |
| SPAM/Dream Get 1 | SPAM/Dream Get 1 |
| SPAM/MIN Type 1 | SPAM/MIN Type 1 |
| SPAM/MIN Type 2 | SPAM/MIN Type 2 |
| SPAM/Net Business 1 | SPAM/Net Business 1 |
| SPAM/Net Shopping 1 | SPAM/Net Shopping 1 |
| SPAM/Net Shopping 2 | SPAM/Net Shopping 2 |
| SPAM/Sales 1 | SPAM/Sales 1 |
| SPAM/Sales 2 | SPAM/Sales 2 |
| SPAM/URL Get 1 | SPAM/URL Get 1 |
| BBS write | |
| BBS/2ch Write 1 | BBS/2ch Write 1 |
| BBS/2ch Write 2 | BBS/2ch Write 2 |
| BBS/2ch Write First Time | BBS/2ch Write First Time |
| BBS/Classmates Login | Longging in Classmates |
| BBS/Cocolog Login | Longging in Cocolog |
| BBS/Gazou_ch Write | Gazou ch Write |
| BBS/Gree Login | Logging in social networking site"Gree" |
| BBS/Myspace Login | Logging in social networking site"Myspace" |
| BBS/Slashdot JP Coment | BBS/Slashdot JP Coment |
| BBS/Wikipedia JP Edit | BBS/Wikipedia JP Edit |
| BBS/Yahoo! Message Boards Write | BBS/Yahoo! Message Boards Write |
| BBS/mixi http Login | HTTP logging in social networking site"mixi" |
| BBS/mixi https Login | HTTPS logging in social networking site"mixi" |
| Firewall | |
| FW/FTP Connection to HOME NET | FW/FTP Connection to HOME NET |
| FW/HTTP Connection to HOME NET | FW/HTTP Connection to HOME NET |
| FW/HTTPS Connection to HOME NET | FW/HTTPS Connection to HOME NET |
| FW/MS Directory to HOME NET | FW/MS Connection to MS directory service |
| FW/MS SQL Service DEFAULT PORT Connection to HOME NET | FW/MS Connection to SQL DEFAULT PORT |
| FW/MS-RPC Connection to HOME NET | FW/MS-RPC Connection to HOME NET |
| FW/NetBIOS Datagram to HOME NET | FW/NetBIOS Datagram to HOME NET |
| FW/NetBIOS Datagram to HOME NET | FW/NetBIOS Datagram to HOME NET |
| FW/NetBIOS Name Service to HOME NET | FW/NetBIOS Name Service to HOME NET |
| FW/NetBIOS Session to HOME NET | FW/NetBIOS Session to HOME NET |
| FW/Oracle DEFAULT PORT Connection to HOME NET | FW/Oracle Connection to Oracle DEFAULT PORT |
| FW/SSH Any Port Connection | FW/SSH Any Port Connection |
| FW/SSH Connection to HOME NET | FW/SSH Connection to HOME NET |
| FW/TCP Connection to HOME NET | FW/TCP Connection to HOME NET |
| FW/TELNET Connection to HOME NET | FW/TELNET Connection to HOME NET |
| FW/TFTP to EXTERNAL NET | FW/TFTP to EXTERNAL NET |
| FW/TFTP to HOME NET | FW/TFTP to HOME NET |
| FW/WINMX DEFAULT PORT Connection | FW/INMX Default Port Connection |
| FW/Worm BlasterDEFAULT PORT Connection | Activity of infection by Blaster Default Port |
| Chat | |
| CHAT/ICQ File Send | Sending messages from AIM users through InstantMessanger ICQ |
| CHAT/ICQ Message | Sending messages from AIM users through InstantMessanger ICQ |
| CHAT/ICQ to AOL message English | Sending messages in English from AIM users through InstantMessanger ICQ |
| CHAT/ICQ to AOL message Japanese | Sending messages in Japanese from AIM users through InstantMessanger ICQ |
| CHAT/IRC DCC File Transfer Request | Sending files to the external users through IRC |
| CHAT/IRC Message | Sending files to the external users through IRC |
| CHAT/Modifying IRC NOTICE | Connection through IRC using NOTICE command |
| CHAT/Modifying IRC PART | Connection through IRC using PART command |
| CHAT/Modifying IRC PRIVMSG | Connection through IRC using PART command |
| CHAT/Modifying IRC QUIT | Connection through IRC using QUIT command |
| CHAT/Modifying IRC TOPIC | Connection through IRC using TOPIC command |
| HTTP Upload | |
| HTTP UPLOAD/.avi file | Uploading files on the Web |
| HTTP UPLOAD/.c file | Uploading files on the Web |
| HTTP UPLOAD/.cpp file | Uploading files on the Web |
| HTTP UPLOAD/.csv file | Uploading files on the Web |
| HTTP UPLOAD/.doc file | Uploading files on the Web |
| HTTP UPLOAD/.exe file | Uploading files on the Web |
| HTTP UPLOAD/.gif file | Uploading files on the Web |
| HTTP UPLOAD/.h file | Uploading files on the Web |
| HTTP UPLOAD/.jpg file | Uploading files on the Web |
| HTTP UPLOAD/.lzh file | Uploading files on the Web |
| HTTP UPLOAD/.mdb file | Uploading files on the Web |
| HTTP UPLOAD/.mp3 file | Uploading files on the Web |
| HTTP UPLOAD/.mpeg file | Uploading files on the Web |
| HTTP UPLOAD/.ora file | Uploading files on the Web |
| HTTP UPLOAD/.pdf file | Uploading files on the Web |
| HTTP UPLOAD/.png file | Uploading files on the Web |
| HTTP UPLOAD/.ppt file | Uploading files on the Web |
| HTTP UPLOAD/.swf file | Uploading files on the Web |
| HTTP UPLOAD/.wmv file | Uploading files on the Web |
| HTTP UPLOAD/.txt file | Uploading files on the Web |
| HTTP UPLOAD/.xls file | Uploading files on the Web |
| HTTP UPLOAD/.zip file | Uploading files on the Web |
| HTTP UPLOAD/ALL | Uploading files on the Web |
| HTTP UPLOAD/Dokodemo MyPC Login | Using Dokodemo MyPC which is an internet storage services. |
| HTTP UPLOAD/Gmail Mail Send | Email by Gmail |
| HTTP UPLOAD/Goo Blog | Writing on Goo Blog |
| HTTP UPLOAD/Hatena Blog | Writing on Hatena Blog |
| HTTP UPLOAD/hotmail attache file | Email with files by HotMail |
| HTTP UPLOAD/Hotmail Mail Send | Email by Hotmail |
| HTTP UPLOAD/InfoSeek Mail Mail Send | Email by InfoSeek Mail |
| HTTP Upload/Internet Disk HTTP Access | Using Internet Disk storage service |
| HTTP UPLOAD/Takufile-bin access | Connection by Takufile-bin |
| HTTP UPLOAD/Yahoo! Blog | Writing on Yahoo! Blog |
| HTTP UPLOAD/yahoo briefcase file | uploading by yahoo briefcase service |
| HTTP UPLOAD/yahoo mail attache file | Email with files by yahoo mail |
| HTTP UPLOAD/Yahoo! Mail Mail Send | Email by yahoo mail |
| HTTP UPLOAD/goo Mail Mail Send | Email by goo Mail |
| HTTP UPLOAD/livedoor Blog | Writnig on livedoor Blog |
| HTTP UPLOAD/livedoor Mail | Email by livedoor Mail |
| HTTP UPLOAD/livedoor PICS | Uploading files by livedoor PICS |
| Game | |
| GAME/Counter-Strike Login | logging in Counter-strike |
| GAME/FFXI World Login Accept | Using a game "FFXI" |
| GAME/HANGAME Flash Game | Using a game "HANGAME" |
| GAME/HANGAME Login | Using a game "HANGAME" |
| GAME/HANGAME MSN Messenger | Using a game "HANGAME" |
| GAME/Linage2 Login | Using a game "Linage2" |
| GAME/RAGNAROK Login | Using a game "RAGNAROK" |
| GAME/TOKIMEMO ONLINE Login | Using a game "TOKIMEMO ONLINE" |
| GAME/Windows Games Login | logging in Windows Original Internet Game |
| SMTP | |
| SMTP/Cc more 3 line | Sending a large number of cc Email |
| SMTP/Cc more 4 line | Sending a large number of cc Email |
| SMTP/Cc more 5 line | Sending a large numberof cc Email |
| SMTP/Cc more 6 line | Sending a large number of cc Email |
| SMTP/To more 3 line | Sending a large number of To Email |
| SMTP/To more 4 line | Sending a large number of To Email |
| SMTP/To more 5 line | Sending a large number of To Email |
| SMTP/To more 6 line | Sendinga large number of To Email |
| Streaming | |
| Streaming/Ask.jp Video Login | Logging in Ask.jp Video |
| Streaming/Ask.jp Video Streaming | Logging in Ask.jp Video |
| Streaming/Bandai Channel | Logging inBandai Channel |
| Streaming/Biglobe Stream | Logging inBiglobe |
| Streaming/DivX HP Login | Logging in DivX |
| Streaming/DivX HP Play | Logging in DivX |
| Streaming/DivX Player Login | Logging in DivX Player |
| Streaming/DivX Player Play | Logging in DivX Player |
| Streaming/GYAO | Logging in GYAO |
| Streaming/Google video Play | Logging in Google video |
| Streaming/Showtime Streaming | Logging in Showtime |
| Streaming/Yahoo JP Streaming | Logging in Yahoo! Video Japan |
| Streaming/Yahoo! Video USA | Logging in Yahoo! Video USA |
| Streaming/Yahoo! News Video USA | Logging in Yahoo! News Video USA |
| Streaming/YouTube Login | Logging in YouTube |
| Streaming/YouTube Video | Logging in YouTube |
| Net Trade | |
| Net Trade/Amazon JP Buy | Purchase on Amazon.co.jp |
| Net Trade/Rakuten Furima Buy | Purchase on Rakuten Furima |
| Net Trade/Rakuten GroupBuy Buy | Purchase on Rakuten GroupBuy |
| Net Trade/Rakuten Ichiba Buy | Purchase on Rakuten Ichiba |
| Net Trade/Rakuten Super Auction Buy | Purchase on Rakuten Super Auction |
| Net Trade/RakutenSyoken Login | Logging in the online stock market"Rakuten Shoken" |
| Net Trade/Yahoo JP Auction Bid | Tender on Yahoo! Auction |
| Net Trade/iTunes Music Store | Logging in "iTunes Music Store" |
| SQL | |
| SQL/MSSQL SQL Injection calculated query Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection char equal double quote Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection char equal single quote Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection Like char Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection null char Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection null comment single quote Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection number equal Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection select char equal double quote Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection select char equal single quote Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection sp_makewebtask Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection sql comment Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection xp_cmdshell Unicode | Attack by SQL Injection |
| SQL/MSSQL SQL Injection calculated query | Attack by SQL Injection |
| SQL/MSSQL SQL Injection char equal double quote | Attack by SQL Injection |
| SQL/MSSQL SQL Injection char equal single quote | Attack by SQL Injection |
| SQL/MSSQL SQL Injection Like char | Attack by SQL Injection |
| SQL/MSSQL SQL Injection null char | Attack by SQL Injection |
| SQL/MSSQL SQL Injection null comment single quote | Attack by SQL Injection |
| SQL/MSSQL SQL Injection number equal | Attack by SQL Injection |
| SQL/MSSQL SQL Injection select char equal double quote | Attack by SQL Injection |
| SQL/MSSQL SQL Injection select char equal single quote | Attack by SQL Injection |
| SQL/MSSQL SQL Injection sp_makewebtask | Attack by SQL Injection |
| SQL/MSSQL SQL Injection sql comment | Attack by SQL Injection |
| SQL/MSSQL SQL Injection xp_cmdshell | Attack by SQL Injection |
| SQL/Oracle SQL Injection char equal double quote Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection char equal single quote Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection Like char Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection null char Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection null comment single quote Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection number equal Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection select char equal double quote Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection select char equal single quote Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection sql comment Unicode | Attack by SQL Injection |
| SQL/Oracle SQL Injection char equal double quote | Attack by SQL Injection |
| SQL/Oracle SQL Injection char equal single quote | Attack by SQL Injection |
| SQL/Oracle SQL Injection Like char | Attack by SQL Injection |
| SQL/Oracle SQL Injection null char | Attack by SQL Injection |
| SQL/Oracle SQL Injection null comment single quote | Attack by SQL Injection |
| SQL/Oracle SQL Injection number equal | Attack by SQL Injection |
| SQL/Oracle SQL Injection select char equal double quote | Attack by SQL Injection |
| SQL/Oracle SQL Injection select char equal single quote | Attack by SQL Injection |
| SQL/Oracle SQL Injection sql comment | Attack by SQL Injection |
| JOBS | |
| JOBS/@type Login | Logging in a job-change site "@type" |
| JOBS/E-Career Login | Logging in a job-change site"E-Career" |
| JOBS/Mainichi Career Nabis HTTP Login | HTTP Logging in a job-change site"Mainichi Career Nabis" |
| JOBS/Mainichi Career Nabis HTTPS Login | HTTPS Logging in a job-change site"Mainichi Career Nabis" |
| Test Rules | |
| Test Rules/2ch Write Only | BBS/2ch Write 1 |
