[154682] in North American Network Operators' Group
Re: job screening question
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Jul 7 22:36:53 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <6287cebd84702948aa393809d67e39e0@mail.dessus.com>
Date: Sat, 7 Jul 2012 19:32:25 -0700
To: "Keith Medcalf" <kmedcalf@dessus.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jul 7, 2012, at 5:44 PM, Keith Medcalf wrote:
>> "What's the problem with using 255.255.255.247 as a subnet mask if =
you
>> want to make a LAN subnet with 12 hosts?"
>> (5 word answer)
>=20
> Unemployment Office Is That Way ->
>=20
> Is the only 5 word answer I could come up with. The correct answer =
"invalid netmask", is only two words.
>=20
LoL...
Even if you allowed for discontiguous subnet masks, you'd need to use =
255.255.255.243 and not
255.255.255.247 to achieve 12 hosts.
Not sure what 5 word answer you're looking for, but Keith's answer and =
mine are the two most obvious
issues I can think of.
>=20
>> "What TCP destination port numbers should be allowed through the
>> perimeter stateful firewall device to and from a mail server whose
>> only purpose is to proxy SMTP mail from internal sources?"
>> (one number answer)
>=20
> Short Answer: There is no answer to the question that can be =
expressed in one number.
Sure there is, if you count "none" as a number.
> Outbound connections to TCP destination port 25 only. Returning =
traffic (including associated ICMP) should be automatically handled by =
your stateful inspection firewall. If not, you need to buy a better =
firewall.
I'd allow 25 and 465 outbound, myself. No reason to block SSL if the =
remote side offers the capability.
ICMP wouldn't be a TCP destination port number anyway.
> Any applicant who provides any answer should the rejected out of hand =
as (a) being unable to read (b) being a threat to security.
LoL... Some truth to that.
Owen
