congestion indicator in stack and pf older, but not well known perhaps because it just works :) hacked with bob in edmonton in april 2004 had a rather stupid (but massive) synflood attack bandwidth: boring, few MBit/s packet rates: medium since every single SYN caused a full ruleset traversal, and our ruleset is big, firewall ran out of CPU could not even log in via cereal console to fix things unplug network, add a "block in quick proto tcp to $target not port 80" early, everything fine again