Cloud computing is becoming the leading IT computational technology due to the increasing acceptance of clouds as a viable solution for many different computing needs. Although it is being touted as a path for cost savings, not everyone in the computing community agrees with the advantages provided by cloud computing. While clouds can be highly productive and economical, cloud computing is vulnerable to different types of attacks, such as denial of service and distributed denial of service (DoS/DDoS) attacks. The focus of our research is to provide uninterrupted cloud services when the system is under a DoS threat from an external adversary. Several architectures have been suggested by different research groups to detect DDoS attacks. None of them considered the occurrence of virtualization in a cloud infrastructure, specially, the impact of DDoS on virtual networks and its side effects on co-resident virtual machines (siblings) or their neighbors. In this paper, we present results from experiments we conducted on our local private cloud instances to explore the amplification of external DoS attacks from a large number of botnets. All these botnets were hosted in the commercially used public cloud Amazon EC2. We measured the impact in terms of bandwidth and transfer packets for the victim machine as well as the siblings and neighbor instances. We then deployed a filtering mechanism named FAPA to successfully protect the victim machines from DoS attacks.