>> IMHO maximum HTL should be single-digits or you risk flooding. > > I don't follow. What do you mean? At each hop a probe either stays > locally (if a candidate is not accepted) or is routed to another > random node.
On a global scale, the if the rate of new probe requests is higher than the rate at which existing ones expire the number of active probes at any moment will not reach balance. Higher HTL makes a ddos against the probe mechanism easier; in this scenario the internal limit of 5 simultaneous probes ends up assisting the attacker. Would it be possible to simulate a single-digit HTL network? My intuition suggests the graph of effectiveness of probes vs. HTL has a logarithmic shape.
