endairA is one of the most secure on-demand ad hoc network source routing protocols which provides several defense mechanisms against so many types of attacks. In this paper, we prove the vulnerability of endairA to the tunneling attack by presenting an attack scenario against it. We also propose a new security mechanism to defend it against the tunneling attack by the utilization of the delay between receiving and sending its control packets computed locally by all intermediate nodes. Our proposed security mechanism can detect probable tunnels in the route as well as approximate locations of the adversarial nodes. It needs no time synchronization between mobile nodes of the network. It also does not change the number of control packets involved in endairA and only modifies the RREP messages slightly.