Linux – Recommendations for sysctl.conf settings to harden Linux against DDoS attacks


A recent article from UNIXy http://blog.unixy.net/2010/08/the-penultimate-guide-to-stopping-a-ddos-attack-a-new-approach/ has suggestions to harden a Linux box against DDoS attacks.

Example of sysctl.conf:

net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 9000 65000

Any other recommendations for hardening Linux against DDoS attacks?

Best Answer

You can also turn down the read/write socket buffers as well, which would decrease the amount of memory each inbound connection requires.

http://wwwx.cs.unc.edu/~sparkst/howto/network_tuning.php

You'll have to actually test it out for your application and your hardware (yes, those settings can cause weird side effects depending on your NIC), since you may break more than you save depending on your traffic flow.
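As an added example (not part of the question or the answer above), the script below audits a sysctl.conf-style file against the five values listed in the question and, following the answer's point about socket buffers, reports whatever buffer settings the file carries without prescribing values for them. The buffer keys (net.ipv4.tcp_rmem, net.ipv4.tcp_wmem, net.core.rmem_max, net.core.wmem_max) are real kernel parameters; the expected values are the question's, and the file passed in is whatever you want checked.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file against the DDoS-hardening values
# from the question. Later definitions win, as they do when sysctl -p loads the file.

# Constructed from the question's example: key=value pairs we expect to find.
EXPECTED='net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
kernel.pid_max=65536
net.ipv4.ip_local_port_range=9000 65000'

# Real kernel keys for TCP/socket buffer sizing. Reported only: the answer's caveat
# is that the right values depend on the NIC, memory and traffic, so none is asserted.
REPORT_KEYS='net.ipv4.tcp_rmem net.ipv4.tcp_wmem net.core.rmem_max net.core.wmem_max'

# normalize: drop comment/blank lines, strip spaces around '=', collapse whitespace.
normalize() {
  sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' -e 's/^[[:space:]]*//' \
      -e 's/[[:space:]]*=[[:space:]]*/=/' -e 's/[[:space:]]\{1,\}/ /g' \
      -e 's/[[:space:]]*$//'
}

# lookup FILE KEY: print the effective (last) value of KEY, or nothing if absent.
lookup() {
  normalize < "$1" | awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# audit_sysctl FILE: one line per expected key (OK / MISMATCH / MISSING), then a
# REPORT line for each buffer key present. Returns 1 if any expected key is off.
audit_sysctl() {
  file=$1
  rc=0
  while IFS='=' read -r key want; do
    got=$(lookup "$file" "$key")
    if [ -z "$got" ]; then
      echo "MISSING  $key (want '$want')"; rc=1
    elif [ "$got" != "$want" ]; then
      echo "MISMATCH $key = '$got' (want '$want')"; rc=1
    else
      echo "OK       $key = $got"
    fi
  done <<EOF
$EXPECTED
EOF
  for key in $REPORT_KEYS; do
    got=$(lookup "$file" "$key")
    [ -n "$got" ] && echo "REPORT   $key = $got"
  done
  return $rc
}
```

Run it as `audit_sysctl /etc/sysctl.conf`; a non-zero exit means at least one of the question's settings is missing or differs, which makes it usable as a configuration-drift check.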