Approved by: kris (former maintainer)
is considered "suspicious" with the actual TTL of a test packet sent to that host, to try and detect packet spoofing. It is intended to be used as part of an IDS system.