diff --git a/ackhandler/received_packet_handler.go b/ackhandler/received_packet_handler.go
index 721107472..241de5791 100644
--- a/ackhandler/received_packet_handler.go
+++ b/ackhandler/received_packet_handler.go
@@ -6,12 +6,16 @@ import (
 
 	"github.com/lucas-clemente/quic-go/frames"
 	"github.com/lucas-clemente/quic-go/protocol"
+	"github.com/lucas-clemente/quic-go/qerr"
 )
 
 // ErrDuplicatePacket occurres when a duplicate packet is received
 var ErrDuplicatePacket = errors.New("ReceivedPacketHandler: Duplicate Packet")
 
-var errInvalidPacketNumber = errors.New("ReceivedPacketHandler: Invalid packet number")
+var (
+	errInvalidPacketNumber               = errors.New("ReceivedPacketHandler: Invalid packet number")
+	errTooManyOutstandingReceivedPackets = qerr.Error(qerr.TooManyOutstandingReceivedPackets, "")
+)
 
 type packetHistoryEntry struct {
 	EntropyBit   bool
@@ -64,6 +68,10 @@ func (h *receivedPacketHandler) ReceivedPacket(packetNumber protocol.PacketNumbe
 
 	h.garbageCollect()
 
+	if uint32(len(h.packetHistory)) > protocol.MaxTrackedReceivedPackets {
+		return errTooManyOutstandingReceivedPackets
+	}
+
 	return nil
 }
 
diff --git a/ackhandler/received_packet_handler_test.go b/ackhandler/received_packet_handler_test.go
index 906030f71..739c50b7c 100644
--- a/ackhandler/received_packet_handler_test.go
+++ b/ackhandler/received_packet_handler_test.go
@@ -63,6 +63,16 @@ var _ = Describe("receivedPacketHandler", func() {
 			Expect(handler.packetHistory).To(HaveKey(protocol.PacketNumber(3)))
 			Expect(handler.packetHistory[3].TimeReceived).To(BeTemporally("~", time.Now(), 10*time.Millisecond))
 		})
+
+		It("doesn't store more than MaxTrackedReceivedPackets packets", func() {
+			for i := uint32(0); i < protocol.MaxTrackedReceivedPackets; i++ {
+				packetNumber := protocol.PacketNumber(1 + 2*i)
+				err := handler.ReceivedPacket(packetNumber, true)
+				Expect(err).ToNot(HaveOccurred())
+			}
+			err := handler.ReceivedPacket(protocol.PacketNumber(3*protocol.MaxTrackedReceivedPackets), true)
+			Expect(err).To(MatchError(errTooManyOutstandingReceivedPackets))
+		})
 	})
 
 	Context("Entropy calculation", func() {
diff --git a/protocol/server_parameters.go b/protocol/server_parameters.go
index 77f34e43d..9451fdc3e 100644
--- a/protocol/server_parameters.go
+++ b/protocol/server_parameters.go
@@ -59,6 +59,10 @@ const STKExpiryTimeSec = 24 * 60 * 60
 // TODO: decrease this value after dropping support for QUIC 33 and earlier
 const MaxTrackedSentPackets uint32 = 2000
 
+// MaxTrackedReceivedPackets is the maximum number of received packets saved for doing the entropy calculations
+// TODO: think about what to do with this when adding support for QUIC 34
+const MaxTrackedReceivedPackets uint32 = 2000
+
 // MaxStreamFrameSorterGaps is the maximum number of gaps between received StreamFrames
 // prevents DOS attacks against the streamFrameSorter
 const MaxStreamFrameSorterGaps = 50