job screening question

Thomas York straterra at
Thu Jul 5 17:08:30 UTC 2012

My answer to that questionwould be "No..why would I ever blanket block ICMP?
If I'm that stupid, I shouldn't be deploying firewalls at all."

I also assume I wouldn't get the job after answering that...

Thomas York

-----Original Message-----
From: William Herrin [mailto:bill at] 
Sent: Thursday, July 05, 2012 1:02 PM
To: nanog at
Subject: job screening question

Hi folks,

I gave my HR folks a screening question to ask candidates for an IP expert
position. I've gotten some "unexpected" answers, so I want to do a sanity
check and make sure I'm not asking something unreasonable.
And by "unexpected" I don't mean naively incorrect answers, I mean
oh-my-God-how-did-you-get-that-cisco-certification answers.

The question was:

You implement a firewall on which you block all ICMP packets. What part of
the TCP protocol (not IP in general, TCP specifically) malfunctions as a

My questions for you are:

1. As an expert who follows NANOG, do you know the answer? Or is this
question too hard?

2. Is the question too vague? Is there a clearer way to word it?

3. Is there a better screening question I could pass to HR to ask and check
the candidate's response against the supplied answer?

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <> Falls
Church, VA 22042-3004

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7086 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list