Since so far 6 people misunderstood this, I *meant* those networks
that don't need to permit it, should consider filtering inbound ICMP
echo request packets. (And, hence, blocking the spoofed packet from
causing an ICMP echo reply flood.)

I personally don't see why this would be preferable to just putting no
ip directed-broadcast on all relavent interfaces.