Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. After analyzed Ad Hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a generic defense against the Ad Hoc Flooding Attack in mobile ad hoc networks. When the intruder broadcasts exceeding packets of Route Request, the immediate neighbors of the intruder record the rate of Route Request. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation show FAP can prevent the Ad Hoc Flooding attack efficiently.