A router includes a detection module to detect a presence of the network attack, such as a denial of service (DOS) attack. The detection module may, for example, include counters indicating a number of packets processed for various network protocols supported by the router. The detection module enables a rate-limiting operating mode for the router when one or more of the counters exceed a protocol-specific threshold. Under normal traffic levels, the router receives inbound packets using interrupt-driven service routines. When a network attack is detected, however, the router dynamically switches modes and processes the packets using a finely controlled software process. This allows the software process to control the computing resources allocated to servicing packets during a network attack, thereby reserving sufficient resources for lower priority software processes to process the packets and service other tasks.