A method and apparatus for defending against a Denial of Service attack
wherein a target victim of an attack recognizes the existence of an
attack, identifies the source of the attack, and automatically instructs
its carrier network to limit (e.g., block) transmission of packets from
the identified source to the victim. The victim may identify the
existence of an attack based on various criteria determined within the
victim's site's infrastructure, and may employ event correlation
techniques to make the determination. The victim then communicates one or
more source/destination IP (Internet Protocol) address pairs to the
carrier, which will then limit the transmission of packets from a
specified destination IP address to a corresponding source IP address.
The victim may advantageously communicate the source/destination IP
address pairs with use of security signatures and by using redundant
connections to the carrier network to ensure delivery even under
congested network conditions.
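As an added illustration that is not part of the patent text: the victim signs a list of source/destination IP pairs and the carrier verifies the signature before installing the corresponding filters; the shared HMAC key, the JSON message layout and the sequence number (which also absorbs the duplicate copies that arrive over redundant connections) are assumptions of this example.

```python
"""Added example (not from the patent): a victim signs (source, destination)
IP pairs and the carrier verifies the signature, then limits matching packets."""
import hashlib
import hmac
import ipaddress
import json

# Constructed shared key; assumption: the "security signature" is an HMAC-SHA256.
SHARED_KEY = b"constructed-demo-key"


def build_request(pairs, seq, key=SHARED_KEY):
    """Victim side: serialise the IP pairs plus a sequence number and sign them."""
    body = json.dumps({"seq": seq, "pairs": sorted(pairs)}, separators=(",", ":"))
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


class CarrierFilter:
    """Carrier side: holds the (src, dst) pairs whose packets are dropped."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.last_seq = -1      # highest sequence number accepted so far
        self.blocked = set()    # set of (src_ip, dst_ip) tuples

    def apply_request(self, req):
        """Return 'applied', 'duplicate' (replay or redundant copy) or 'rejected'."""
        expected = hmac.new(self.key, req["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["sig"]):
            return "rejected"               # forged or corrupted request
        msg = json.loads(req["body"])
        if msg["seq"] <= self.last_seq:
            return "duplicate"              # second copy via a redundant link
        self.last_seq = msg["seq"]
        for src, dst in msg["pairs"]:
            self.blocked.add((ipaddress.ip_address(src), ipaddress.ip_address(dst)))
        return "applied"

    def forward(self, src, dst):
        """True if a packet src->dst passes, False if the carrier limits it."""
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst)) not in self.blocked
```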