The rushing attack, a new attack that results in denial-of-service when used against all previous on-demand ad hoc network routing protocols, For example, DSR, AODV, and secure protocols based on them, such as Ariadne, ARAN, and SAODV, are unable to discover routes longer than two hops when subject to this attack. This attack is also particularly damaging because it can be performed by a relatively weak attacker. We analyze why previous protocols fail under this attack. We then develop Rushing Attack Correction (RAC), a generic defense against the rushing attack for on-demand protocols. RAC incurs no cost unless the underlying protocol fails to find a working route, and it provides provable security properties even against the strongest rushing attackers.