A Distributed Mechanism to Protect Against DDoS Attacks
Abstract
Distributed Denial of Service (DDoS) attacks remain one of the most serious threats on the Internet. Combating such attacks to protect the victim and the network infrastructure requires a distributed, real-time defense mechanism. We propose Responsive Point Identification using Hop distance and Attack estimation rate (RPI-HA), which, when deployed, is able to filter out attack traffic and allow legitimate traffic in the event of an attack. It dynamically activates detection and blocks attack traffic while allowing legitimate traffic, as close to the source nodes as possible, so that network resources are not wasted in propagating the attack. RPI-HA identifies the most effective points in the network where the filter can be placed to minimize attack traffic in the network and maximize legitimate traffic for the victim during the attack period. Extensive OPNET©-based simulations with a real network topology and the CAIDA attack data set show that the method is able to place all filtering routers within three routers of the attacker nodes and stop 95% of attack traffic while allowing 77% of legitimate traffic to reach the victim node.
Domains
Computer Science [cs]
Origin: Files produced by the author(s)