in the mean time you could try and find the differences between the DDOS packets & the good packets by doing packet captures (& analyzing them in wireshark)
@coldfix if you’re looking for control plane protection (or policing) a different brand of FW would be needed as PFsense does not have any mitigation for that.
