Blocking spoofing at the source (was: ICMP Attacks??)

> This won't work on anything with multiple diverse paths. And I don't know
> many companies with their own WANs that don't have such.

This rule could be made to work only on links that aren't doing any dynamic
routing protocols, which makes it useful for things like dialup servers.
Since it becomes next to impossible to filter at the core router level, I
think the proper place to do this is at the edge of the network (dialup
servers, static-routed links back to customers), rather than the center.

You're assuming that all non-Internet networks have cores. Very untrue.
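
The edge rule discussed in this thread, sketched as an added example (not code from any of the posters): a packet arriving on a static-routed customer link is accepted only if its source address falls inside a prefix routed out that same link, and links running dynamic routing are left unfiltered. The interface names, prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed edge-router state (assumption, not from the thread): prefixes
# statically routed out each customer-facing interface, and the interfaces
# that run a dynamic routing protocol.
STATIC_ROUTES = {
    "dialup0": ["192.0.2.16/32"],                      # one dialup user
    "serial1": ["198.51.100.0/24", "203.0.113.0/25"],  # static-routed customer
}
DYNAMIC_INTERFACES = {"core0"}


def check_source(interface, src_ip, static_routes=STATIC_ROUTES,
                 dynamic=DYNAMIC_INTERFACES):
    """Return 'accept', 'drop' or 'unfiltered' for a packet seen on interface."""
    if interface in dynamic or interface not in static_routes:
        # With multiple diverse paths the return route may legitimately point
        # out another link, so the rule is not applied here.
        return "unfiltered"
    src = ipaddress.ip_address(src_ip)
    for prefix in static_routes[interface]:
        if src in ipaddress.ip_network(prefix):
            return "accept"   # source is reachable back through this link
    return "drop"             # source cannot belong to this customer


def filter_packets(packets):
    """Apply check_source to (interface, source address) pairs."""
    return [(iface, src, check_source(iface, src)) for iface, src in packets]


# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE = [
    ("dialup0", "192.0.2.16"),     # the address assigned to the dialup user
    ("dialup0", "10.1.2.3"),       # source not routed to this port
    ("serial1", "203.0.113.200"),  # outside the customer's /25
    ("core0", "10.1.2.3"),         # dynamically routed link, rule not applied
]

if __name__ == "__main__":
    for iface, src, verdict in filter_packets(SAMPLE):
        print(f"{iface:8} {src:15} {verdict}")
```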