A couple curiosities:

I've seen a few home/sb routers whose firewall will drop a TTL of not only 0, but 1 as well. Any thoughts on why this is?

Does it make sense to drop even a TTL 0 at the home router level? The packet has already gone through the internets and is now on the cusp of your private network. Why discard it now? Security repercussions?
Thanks.

It is to prevent TTL expiry attacks. Attackers could otherwise craft packets with low TTL values in the header and a spoofed return address, and send them to a router. According to RFC 791, the router would be required to respond to the return address with a Time Exceeded message. The attack is performed by effectively flooding various Internet-accessible machines with these spoofed packets with low TTL values and the target's address, at which point that target address gets flooded with Time Exceeded messages.

It is an attack because these sorts of required responses and packet issues, such as the ICMP reply to expired packets, are an exception case, so routers need to 'work harder' to properly respond to them, which will slow down legitimate traffic, particularly when that system is being flooded with them.

What this means is that many routers' software/firmware deviates from RFC 791 to stop the system being a participant in such an attack, by discarding packets with low TTL values.

Thanks dude!
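As an added example (not from the thread), a Python model of the per-hop decision the answer describes: a forwarding router decrements the TTL, so a packet arriving with TTL 1 (or 0) expires at this hop and cannot be forwarded; a strict RFC 791 router answers the source address with ICMP Time Exceeded, while the firmware behaviour described above drops it silently. The header layout is real IPv4; the addresses, IP ID and other field values are constructed sample data.

```python
import socket
import struct
from typing import Optional, Tuple

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header with the checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(ttl: int, src: str, dst: str, total_len: int = 60, proto: int = 17) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample: DF set, IP ID 0x1234)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def router_decision(header: bytes, rfc791_strict: bool) -> Tuple[str, Optional[bytes]]:
    """What a forwarding router does with an arriving IPv4 header.

    Returns (action, forwarded_header). rfc791_strict=True models the RFC 791
    behaviour (expired packet answered with ICMP Time Exceeded to the source);
    False models the silent drop described in the thread, which keeps a spoofed
    source address from turning this router into a reflector.
    """
    if len(header) < 20 or header[0] >> 4 != 4:
        return ("drop-malformed", None)
    if ipv4_checksum(header) != struct.unpack("!H", header[10:12])[0]:
        return ("drop-bad-checksum", None)
    ttl = header[8]
    if ttl <= 1:
        # This hop's decrement would take the TTL to 0, so the packet expires here.
        # TTL 1 is therefore just as undeliverable through a router as TTL 0.
        return ("expire-icmp-time-exceeded" if rfc791_strict else "drop-silent", None)
    new = bytearray(header)
    new[8] = ttl - 1                      # decrement TTL for the next hop
    struct.pack_into("!H", new, 10, ipv4_checksum(bytes(new)))  # fix header checksum
    return ("forward", bytes(new))

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, three arriving TTL values.
    for ttl in (0, 1, 64):
        hdr = build_ipv4_header(ttl, "198.51.100.7", "203.0.113.9")
        print(ttl, router_decision(hdr, rfc791_strict=True)[0],
              router_decision(hdr, rfc791_strict=False)[0])
```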