Local monitoring has been demonstrated as a powerful technique for mitigating security attacks in multi-hop ad hoc networks. In local monitoring, nodes overhear partial neighborhood communication to detect misbehavior such as packet drop or delay. However, local monitoring as presented in the literature is vulnerable to a class of attacks that we introduce here called stealthy packet dropping. Stealthy packet dropping disrupts the packet from reaching the destination by malicious behavior at an intermediate node. However, the malicious node gives the impression to its neighbors that it performed the legitimate forwarding action. Moreover, a legitimate node comes under suspicion. We introduce four ways of achieving stealthy packet dropping, none of which is currently detectable. We provide a protocol called DISA, based on local monitoring, to remedy each attack. DISA incorporates two techniques—having the neighbors maintain additional information about the routing path, and adding some checking responsibility to each neighbor. We show through analysis and simulation that basic local monitoring (BLM) fails to efficiently mitigate any of the presented attacks while DISA successfully mitigates them. Copyright © 2009 John Wiley & Sons, Ltd.