The present invention protects local services from Denial of Service (DoS) attacks based on network paths or sub-paths used to transfer data between a local service and remote clients. As requests for connections to the local services are received, the network sub-paths corresponding to the requests can be retrieved by a tracing process and/or from a database. Connections or other requests with similar or common network sub-paths are also determined. Based on the number of connections and/or requests with similar or common network sub-paths, the connections and/or requests can be throttled. For example, if the number of connections and/or requests with similar or common network sub-paths exceeds a predetermined threshold, then the connections may be disconnected or requests rejected or delayed for processing.