Denial of Service Mitigation

Caveat: very difficult to combat bandwidth-based DoS

synproxy
Adaptive Timeouts
max-src-states and max-src-nodes
ALTQ
Input queue congestion handling