Blaine Christian wrote:
> RFC 3682 - The Generalized TTL Security Mechanism (GTSM) (RFC3682)
> I agree that it is not a panacea... But, you must admit,
> it provides an incredible level of comfort. It would be
> wonderful to only allow internally generated traffic to
> talk to the core of your network with a simple TTL filter.
> Versus anti-spoofing filters from hell.

That's not the way I see this at all. I look at it as a good complement
to anti-spoofing filters as part of defense in depth, in case said
filters get SNAFUed. My primary line of defense will remain ACLs.