seeing remote MTUs of 250 and 68. is this ever valid?

An MTU of 68 bytes is valid in IPv4 according to RFC 791:

Every internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an internet header may be up to 60 octets, and the minimum fragment is 8 octets.

The requirement for the reassembled size to be supported is a lot larger:

Every internet destination must be able to receive a datagram of 576 octets either in one piece or in fragments to be reassembled.

In IPv6 these numbers were increased to 1280 and 1500 bytes as mentioned in RFC 2460:

IPv6 requires that every link in the internet have an MTU of 1280 octets or greater. On any link that cannot convey a 1280-octet packet in one piece, link-specific fragmentation and reassembly must be provided at a layer below IPv6.

A node must be able to accept a fragmented packet that, after reassembly, is as large as 1500 octets. A node is permitted to accept fragmented packets that reassemble to more than 1500 octets. An upper-layer protocol or application that depends on IPv6 fragmentation to send packets larger than the MTU of a path should not send packets larger than 1500 octets unless it has assurance that the destination is capable of reassembling packets of that larger size.

In case anyone cares, here's what I found.

Short answer is that no, these small MTUs are not legal but FreeBSD 7 & 8 should handle the situation better since some code changes were committed around the end of August.

This problem report has more: http://www.freebsd.org/cgi/query-pr.cgi?pr=146628

Path MTU discovery was not clearing the "don't fragment" flag, which means that a stubborn bad-behaving host on the other side would continue to send the storms of unreachable "frag needed" messages. Now after the first tiny MTU is received DF is cleared, which effectively moves the problem downstream to the router nearest the offender. (Since they will have to make absurd fragments for the offender.)