In homeland security and defense, cloud security is critical. As an increasing number of governments and organizations outsource their computing to the cloud, they at the same time make it an attractive target for terrorists and hackers. Cloud computing offers a great opportunity for improved productivity and lowered cost, however, it meanwhile raises potential security issues as attackers from around the nation or world could be its legal tenants. This paper studies one of the potential security problem, namely, legal yet malicious tenants would launch low-rate DoS (Denial of Service) attack (or Shrew attack for short) to the co-residents once they rent and control a part of computing resources. To explore the feasibility and understand the possible attack pattern, we try to identify bottlenecks in the underlying DCNs (Data Center Networks), and then attack the victim with as little traffic. Moreover, an analytical model is built to quantitatively analyze the necessary and sufficient traffic for an effective attack. Finally, we propose a universal receiver-enforced dynamic bandwidth allocation technique named Redball to enhance defense capabilities of the cloud. Redball could intelligently throttle shrew attack in DCNs by decomposing its group behavior, enforce an average fair share of bandwidth among tenants in a workconserving way, and yet sacrifice only a small proportion of flows by delaying allocating bandwidth for them. Further, our proposal modifies only the endpoints, leaving the network gears untouched.