ANSWERS: 2
-
There is no easy way to fight a DDoS. If you have a good provider, they monitor network activity and can usually help out in the attack. If you have a firewall, you can drop the IP being attacked. A firewall will not do anything to prevent the attack or fight it, because the DDoS is still hoarding your bandwidth :( A Windows machine will most likely go down in the event of a DDoS attack. A Unix variant system, such as FreeBSD, can withstand the attacks and will most likely stay up throughout. To help prevent a DDoS: don't allow people to IRC from your machines. Don't host sites that are asking for trouble. Don't host IRCds.
-
DDoS attacks are difficult to combat. DDoS attacks exploit two weaknesses inherent in the system. The first is the way computers make connections across the internet. The second is the actual data being transferred. Internet content servers are designed to provide a service to a customer base. Typically servers must handle some form of request for service/provision of service with every client which connects to the server. For web pages the protocol is HTTP (typically) and clients connect to the server to get the web page. Servers can only handle a certain number of clients connecting at once, as they only have a limited amount of computational power with which to provide the service being requested. Small websites will see only a few connections a minute; large sites such as Google can see hundreds of thousands of connections simultaneously. Google requires the use of massive server farms to provide adequate service to its customers; the small website, however, can most likely get along with only a single server. Standard denial of service attacks simply make as many connections as possible with the target server in an attempt to fill its connection queue. Filling the connection queue forces the server to reject any further connections, thus the DoS attack forces the server to handle bogus requests while potentially legitimate requests go unanswered. Fighting this aspect of the attack from a single computer is simple with an adequate firewall. Setting up your firewall to block connection attempts from any client who attempts an abnormal number of connections at a given time will prevent the bogus connections from using your open connection slots. Distributed forms of this attack complicate the matter because no single client is responsible for using the available connections. Typically, however, distributed attacks come from a collection of infected computers from within a specific range, or ranges, of IPs, and you can block that range (or ranges) of IPs.
Doing so runs the risk of blocking legitimate requests, but overall your service will remain available to as many users as possible. The second complication is much more difficult to deal with unless you have a good ISP. Standard DoS attacks will more than likely not use all of your available bandwidth; however, distributed attacks run the potential of "clogging" your pipe with bogus data. Assume a typical T-1 connection has a theoretical max throughput of 1.5 Mbps, and the average DSL connection has 258 kbps upstream bandwidth. Roughly six or seven zombies (the computers used to perform a DDoS) will fill the pipe with bogus data, resulting in extremely slow or rejected service for legit customers on your ISP's end. To combat this aspect of the attack you have to have your ISP block the data at their end of the connection (the ISP has much more bandwidth and might not even notice the DDoS unless you alert them). Again you run the risk of blocking legit connections; however, if you want to provide any service at all you will need to block some.
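The second answer above describes two defensive steps for the connection-exhaustion side of the attack: flag any client making an abnormal number of connections in a short time, and, when the offenders cluster in one IP range, weigh blocking the whole range. The following is an added example (not part of either answer) that implements that detection logic over a constructed connection log. The log format (`epoch_seconds src_ip` per line), the threshold of 5 attempts, the 10-second window and the /24 grouping are all assumptions chosen for the illustration; the output is a list of sources and ranges for an operator to feed into whatever firewall they run, not a firewall rule itself.

```python
"""Connection-rate detection over a constructed connection log.

Added example, not code from the original answers. It counts connection
attempts per source IP inside a sliding time window, flags sources that
exceed a threshold, and groups the flagged sources by /24 so an operator
can judge whether a range-level block is justified versus the collateral
damage to legitimate clients in that range.
"""
from collections import defaultdict, deque
import ipaddress

# Constructed sample input (assumed format): "epoch_seconds src_ip" per line.
# 203.0.113.5 and 203.0.113.7 each burst 6 attempts within a few seconds;
# 198.51.100.20 behaves normally.
SAMPLE_LOG = """\
100 203.0.113.5
100 203.0.113.5
100 203.0.113.5
101 203.0.113.5
101 203.0.113.5
101 203.0.113.5
102 203.0.113.7
102 203.0.113.7
102 203.0.113.7
102 203.0.113.7
102 203.0.113.7
102 203.0.113.7
103 198.51.100.20
105 198.51.100.20
130 203.0.113.5
"""


def parse_log(text):
    """Yield (timestamp, ip_string) tuples, validating each address."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ip = line.split()
        # ip_address() raises ValueError on malformed input, which is the
        # behaviour we want for a log parser feeding a blocklist.
        yield int(ts), str(ipaddress.ip_address(ip))


def find_abusive_sources(events, threshold=5, window=10):
    """Return {ip: peak_count} for sources that made more than `threshold`
    attempts within any `window`-second span. Events must be time-ordered."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        # Drop attempts older than the window before judging this source.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def group_by_range(ips, prefixlen=24):
    """Group offending addresses by network prefix (default /24) so a
    range block can be weighed against blocking legitimate neighbours."""
    groups = defaultdict(list)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups[str(net)].append(ip)
    return {net: sorted(members) for net, members in groups.items()}


if __name__ == "__main__":
    flagged = find_abusive_sources(parse_log(SAMPLE_LOG))
    for ip, peak in flagged.items():
        print(f"flag {ip}: {peak} attempts in window")
    for net, members in group_by_range(flagged).items():
        print(f"range {net}: {len(members)} offending host(s) {members}")
```

The window is kept per source with a deque so old attempts age out without rescanning the whole log, which matters when the input is a live feed rather than a file. The range grouping deliberately stops at reporting: blocking a /24 because two hosts in it misbehave is the trade-off the answer warns about, and the decision belongs to the operator, not the script.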
Copyright 2023, Wired Ivy, LLC