A method and apparatus which defends a host, which is coupled to the Internet, via a defensive firewall/router, against a denial of service attack The technique includes periodically determining the status of the host, storing the status of the host, receiving at the defensive firewall/router a request from an entity on the Internet for service from the host, and responding to the entity in accordance with the stored status. The period that is set is not related to the request.