#!/usr/bin/perl -w
#
# make-honeyd-config
#
# Prints a honeyd config to standard output; the caller redirects it into
# the config file, which is regenerated at boot (see the NOTICE in the
# generated text)
#
#
# Andrew Findlay
# 10 April 2003
#
# $Id: make-honeyd-config,v 1.10 2009/10/21 11:22:06 afindlay Exp $

use lib '/usr/local/lib/raddle/branch-network';

use strict;
use netconfig;

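# Emit the whole honeyd configuration to STDOUT in one go; the caller
# redirects it into the file honeyd reads at boot.
#
# The template is an interpolating here-document: the $Foo names are the
# addresses and mask lengths exported by netconfig, and nothing else in
# the text is interpolated.  Keep it a here-document so the config can
# be read (and diffed against a running honeyd.conf) without unescaping.
#
# NOTE(review): the telnet and web emulations below hand every attacker
# session to an external script (router-telnet.pl, web.sh).  Those
# scripts receive hostile input by design, so they must not trust
# anything they read and honeyd itself should not run with more
# privilege than they need -- confirm how honeyd is launched here.
# NOTE(review): the SNMP "proxy localhost:95xx" entries forward attacker
# traffic to local listeners; confirm that only the emulated SNMP agents
# are bound to those ports.
print <<"END_CONFIG" or die "make-honeyd-config: write to STDOUT failed: $!";

# branch network simulation using honeyd
#
# NOTE: to make this work on a real ethernet you must run:
#	arpd $R1ClassNetAddr
#	sysctl -w net.ipv4.ip_forward=0
# and also fix the routing tables of the management stations
# so that they can reach the emulated networks

# NOTICE
# NOTICE Do not edit this file directly.
# NOTICE It will be overwritten at boot time.
# NOTICE Make permanent changes in the script 'make-honeyd-config'
# NOTICE



########################################################################
# Host templates
########################################################################

# NOTE: the 'personality' string must be copied exactly from a suitable
#       'Fingerprint' line in honeyd's nmap.prints file.
#       It sets the low-level details of how the emulated device responds
#       to network traffic. In some cases devices have bugs which confuse
#       network management systems so it can be useful to try different
#       personalities.

# The default template prevents us responding to every address we see
create default
set default personality "Microsoft Windows 98 SP2"
set default default icmp action block
set default default tcp action block
set default default udp action block

create r1
set r1 personality "Cisco 7206 running IOS 11.1(24)"
set r1 default tcp action reset
set r1 default udp action reset
add r1 udp port 161 proxy localhost:9501
add r1 tcp port 161 proxy localhost:9501
add r1 tcp port 23 "/usr/local/lib/raddle/branch-network/scripts/router-telnet.pl"

create r2
set r2 personality "Cisco 7206 running IOS 11.1(24)"
set r2 default tcp action reset
set r2 default udp action reset
add r2 udp port 161 proxy localhost:9502
add r2 tcp port 161 proxy localhost:9502
add r2 tcp port 23 "/usr/local/lib/raddle/branch-network/scripts/router-telnet.pl"

create r3
set r3 personality "Cisco 7206 running IOS 11.1(24)"
set r3 default tcp action reset
set r3 default udp action reset
add r3 udp port 161 proxy localhost:9503
add r3 tcp port 161 proxy localhost:9503
add r3 tcp port 23 "/usr/local/lib/raddle/branch-network/scripts/router-telnet.pl"

# Host without SNMP
create dumbhost
set dumbhost personality "Microsoft Windows 98 SP2"
set dumbhost default tcp action reset
set dumbhost default udp action reset

# Host with SNMP and web but no ping
create nopinghost
set nopinghost personality "Linux 2.4.7 (X86)"
add nopinghost udp port 161 proxy localhost:9504
add nopinghost tcp port 80 "/usr/local/lib/raddle/branch-network/scripts/web.sh"
set nopinghost default icmp action block

# Ether switch s1
create s1
set s1 personality "Cisco Catalyst 1900 switch, Bay networks 350-450 switch,  or Netopia DSL/ISDN router"
set s1 default tcp action reset
set s1 default udp action reset
add s1 udp port 161 proxy localhost:9505
add s1 tcp port 161 proxy localhost:9505
add s1 tcp port 23 "/usr/local/lib/raddle/branch-network/scripts/router-telnet.pl"

# Ether switch s2
create s2
set s2 personality "Cisco switch/router with IOS 11.1(7)-11.2(8.10)"
set s2 default tcp action reset
set s2 default udp action reset
add s2 udp port 161 proxy localhost:9506
add s2 tcp port 161 proxy localhost:9506
add s2 tcp port 23 "/usr/local/lib/raddle/branch-network/scripts/router-telnet.pl"


########################################################################
# Topology
########################################################################

# Entry-point router r1
# Known here by the IP address of its nearest interface - $R1ClassNetAddr
route entry $R1ClassNetAddr
route $R1ClassNetAddr link $R1ClassNetAddr/32
route $R1ClassNetAddr link $SerialNetNet/$SerialNetMaskLen
bind $R1ClassNetAddr r1
bind $R1SerialNetAddr r1
# Line out to remote site has routes for each remote net
route $R1ClassNetAddr add net $SiteSuperNet/$SiteSuperNetMaskLen $R2SerialNetAddr latency 30ms

# Remote site WAN router r2
# Known here by the IP address of its nearest interface - $R2SerialNetAddr
#
route $R2SerialNetAddr link $SerialNetNet/$SerialNetMaskLen
route $R2SerialNetAddr link $NetANet/$NetAMaskLen
route $R2SerialNetAddr link $NetBNet/$NetBMaskLen
route $R2SerialNetAddr add net $NetCNet/$NetCMaskLen $R3NetAAddr latency 2ms
bind $R2SerialNetAddr r2
bind $R2NetAAddr r2
bind $R2NetBAddr r2


# Remote site internal router r3
# Known here by the IP address of its nearest interface - $R3NetAAddr
# (Note that we do not allow routing via net B)
route $R3NetAAddr link $NetANet/$NetAMaskLen
route $R3NetAAddr link $NetBNet/$NetBMaskLen
route $R3NetAAddr link $NetCNet/$NetCMaskLen
bind $R3NetAAddr r3
#
bind $R3NetBAddr r3
#
bind $R3NetCAddr r3
#


########################################################################
# Hosts that do not route
########################################################################

bind $HostA1Addr nopinghost

bind $HostB1Addr dumbhost
bind $HostB2Addr dumbhost

bind $HostC1Addr dumbhost
bind $HostC2Addr dumbhost
bind $HostC3Addr dumbhost

bind $SwitchS1Addr s1
bind $SwitchS2Addr s2

########################################################################
END_CONFIG

# STDOUT is buffered, so a failed write (e.g. a full disk when the caller
# redirects into the config file) only surfaces at close.  Fail loudly
# here rather than let honeyd be started from a silently truncated config.
close(STDOUT) or die "make-honeyd-config: closing STDOUT failed: $!";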


