[morning-coffee]

?? I don't understand the conclusion to block incoming SYNs with TTL > 70... you're blocking all (even valid) connection attempts from users running other OS's that don't choose the default TTL of 64... like Windows, which I think uses 128.

[spc476]

When in the past you learned that the recommended value for the TTL was 64 and you didn't think any operating system would pick a value much larger than that.