I am not sure that 254 is a good maximum number. Perhaps someone "in the know" can enlighten all of us as to why they chose to stop at 254 instead of 255.
I can think of at least one vendor who decremented TTL prior to letting the packet come up to the RP. Further, the same vendor would drop the packet on the line card when the TTL went to zero, so the RP never got a chance to see it. I suspect that there are no other routers out there that do this today, but unless all vendors are willing to stand up and say that they deal with such things properly today, this is a possible issue.

Allowing 254 gives some slack and doesn't open the window significantly. If someone were to use this to attack, then at the very worst, they are one hop away from an EBGP speaker. I suspect that this will make them relatively easy to track down.

If folks do feel that this is a significant issue, then some operator who is both motivated about this and about to write a big check should poll his favorite router vendors and see if they all comply and then report back.

Tony
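
The trade-off in the message above, modelled as an added example (it is not part of the original thread and is not any vendor's code). The `Receiver` class, its `linecard_decrements` flag and the function names are assumptions made for illustration, as is a sender that always transmits with TTL 255.

```python
from dataclasses import dataclass

SENT_TTL = 255  # assumption: the legitimate peer sends with the maximum TTL


@dataclass
class Receiver:
    min_ttl: int               # lowest TTL the control plane will accept
    linecard_decrements: bool  # hypothetical flag: TTL is decremented before the RP sees it

    def accepts(self, ttl_on_wire: int) -> bool:
        ttl = ttl_on_wire
        if self.linecard_decrements:
            ttl -= 1
            if ttl <= 0:
                return False   # dropped on the line card, never reaches the RP
        return ttl >= self.min_ttl


def ttl_on_arrival(routers_in_path: int, sent_ttl: int = SENT_TTL) -> int:
    """TTL on the wire at the receiver; each intermediate router decrements once."""
    return max(sent_ttl - routers_in_path, 0)


def max_sender_distance(rx: Receiver) -> int:
    """Most intermediate routers a sender can sit behind and still be accepted.

    0 means only a directly connected sender passes; -1 means nobody passes.
    """
    best = -1
    for routers in range(SENT_TTL + 1):
        if rx.accepts(ttl_on_arrival(routers)):
            best = routers
    return best


def survey():
    """(threshold, line card decrements?, max sender distance) for all four cases."""
    return [
        (min_ttl, dec, max_sender_distance(Receiver(min_ttl, dec)))
        for min_ttl in (255, 254)
        for dec in (False, True)
    ]


if __name__ == "__main__":
    for min_ttl, dec, dist in survey():
        who = "nobody" if dist < 0 else f"senders up to {dist} router(s) away"
        print(f"min_ttl={min_ttl} linecard_decrements={dec}: accepts {who}")
```

With a threshold of 255, a receiver that decrements first rejects even its directly connected peer; with 254 that peer is accepted, and a receiver that does not decrement accepts senders at most one router away.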