There is an undocumented feature in Windows Vista, 7, and 8 (now 8 is a bit different and I'm unsure this procedure will work as stated) that allows you to protect a system from DDOS attacks.
According to speedguide.net:
"SynAttackProtect
This undocumented setting provides protection against SYN denial of service (DoS) attacks. When enabled, connections timeout sooner if SYN attack is detected. When set at 1, TCPMaxDataRetransmissions can be lowered further.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
Create the following new DWORD (32-bit if running a 64-bit machine) entry in the parameters key:
"SynAttackProtect=1 (DWORD, recommended:" <decimal>"1, not present in registry by default)"