Wireless network is more vulnerable to denial of service (DoS) attacks than wired one. In this paper we propose two methods to resist DoS attacks in UMTS-WLAN network, one is active and the other is passive. These two are complementary to each other. In active DoS defense method, a mobile terminal generates an authorized anonymous ID (AAI) using its true ID such as IP address, MAC address, PIN code, or asymmetric key, and substitutes its true ID with the authorized anonymous ID. The mobile terminal may be authenticated by the UMTS-WLAN, however its true ID is anonymous to intending attackers. This method can be used to isolate de-authenticating/disassociating DoS attackers, spoofing power-save DoS attacker, etc. In passive DoS defense method, we propose a trace back scheme. We use covert channels in the header of mobile IP packets to trace back the malicious nodes by embedding some address information of intermediate nodes, and recovering the embedded information by the victim. After the victim successfully traces the attacking paths from malicious nodes, it can segregate the malicious nodes and protect itself. This method can be used to resist DoS attacks of mass-produced junk message congestions.