> TTL spoofing is considered to be more-or-less impossible
I didn't understand that at first. A better way to put it (again, from the RFC) is "...a TTL (or Hop Limit) value of 255 is non-trivial to spoof".
That makes more sense. 255 is the hardest to spoof, because it means one of your immediate neighbours must be compromised. Smaller TTLs are progressively easier, since the set of routers (from which you need to compromise just one, to fake the TTL) grows in size.