What stops them doing the same thing with the TTL value in their packets, before they reach you?
Or just using a proxy which creates its own packets anyway?
Or using an SSH tunnel to forward the other traffic?
Or using a different O/S which sets a different initial TTL value than you're assuming, when it sends packets?
Nothing. If they know what they are doing then there is no way to detect or to stop such incidents. But people who have enough knowledge to do something like this..... there are only few of them :)
Only a couple people will know what is proxy and how to set it up.
Only a few of them will know how to set up an SSH tunell and how to usae it.
And people who know how to use TTL.... There will be only about 5 people of a thousand....