In a method for responding to a denial of service attack at a higher layer of a communication network, said communication network also having a lower layer beneath the higher layer for receiving packet information from users, providing a packet filter inspection layer between the higher layer and the lower layer. By use of an application layer which is associated with or comprises said higher layer, creating a rule in the packet filter layer to identify a likely denial of service attack. By use of the packet filter inspection layer, inspecting incoming packet information to determine whether it is a likely denial of service attack, and if it is stopping the incoming packet information from being sent to the application layer. After a predetermined time period, stopping use of the rule to prevent packet information from being sent through to the application layer.