A Denial of Service attack received at a network node from a packet data communications network is managed by tracing the path of predominantly malicious data packets arriving at the network node. The attack may be mitigated by selecting a router along the detected path and requesting the router to alter its handling of the data traffic. In one embodiment, the selected router installs a filter for data directed at the network node. In a different embodiment, the router alters a Quality of Service setting for the data directed at the network node. The network node may also request the router to mark all data being forwarded to it, to allow the network to characterize the data and determine to what extent it consists of malicious data.