Spoofed packets for BGP can be blocked if, say, someone adds a feature in the BGP implementation to check for a TTL of 255. The directly connected neighbor should source it with 255 TTL instead of 1. This should defeat the spoofed packets sourced from more than one hop. Just a thought; maybe Cisco can think along these lines.

Majid
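The receive-side check proposed in the message above, as an added example that is not part of the original post or of any vendor's code: it models routers decrementing TTL over constructed packets and shows why the required value has to be 255 rather than 1. The function names and the documentation-range addresses are assumptions made for the illustration.

```python
import struct

BGP_PORT = 179
MAX_TTL = 255  # highest value the 8-bit IPv4 TTL field can hold


def build_packet(src, dst, ttl, sport, dport):
    """Constructed sample: IPv4 header + TCP header, checksums left at 0."""
    def addr(a):
        return bytes(int(o) for o in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp


def forward(packet, hops):
    """Model `hops` routers, each decrementing TTL; None if the packet expires."""
    ttl = packet[8]
    for _ in range(hops):
        ttl -= 1
        if ttl <= 0:
            return None
    return packet[:8] + bytes([ttl]) + packet[9:]


def accept_bgp(packet, required_ttl=MAX_TTL):
    """Receive-side check: drop BGP (TCP/179) packets whose TTL is not required_ttl."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # not a parseable IPv4 packet
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6:
        return True                       # not TCP: outside this check
    if ihl < 20 or len(packet) < ihl + 4:
        return False                      # TCP ports not present
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if BGP_PORT not in (sport, dport):
        return True                       # not BGP: outside this check
    return packet[8] == required_ttl


def best_arrival_ttl(hops):
    """Highest TTL a sender `hops` routers away can make arrive at the receiver."""
    pkt = forward(build_packet("192.0.2.1", "198.51.100.1", MAX_TTL, 40000, BGP_PORT), hops)
    return pkt[8]
```

A check for TTL 1 would not give the same guarantee, because a sender several hops away can choose an initial TTL that decrements to exactly 1 on arrival, whereas no initial value can arrive as 255 after being forwarded.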