My answer to that question would be "No... why would I ever blanket block ICMP? If I'm that stupid, I shouldn't be deploying firewalls at all." I also assume I wouldn't get the job after answering that...

Thomas York

-----Original Message-----
From: William Herrin [mailto:bill@herrin.us]
Sent: Thursday, July 05, 2012 1:02 PM
To: nanog@nanog.org
Subject: job screening question

Hi folks,

I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some "unexpected" answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by "unexpected" I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers.

The question was:

You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result?

My questions for you are:

1. As an expert who follows NANOG, do you know the answer? Or is this question too hard?

2. Is the question too vague? Is there a clearer way to word it?

3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer?

Thanks,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004