Distributed Denial Of Service, it's impossible to prevent.
What you can do, is to put an upper bound limit which doesn't prevent DDOS. Let's say that your system answers up to 20000 requests, let's say that the attacker may perform 20000 connections, and let one user wanna use your service. That's all, the only true user can't use your connection because 20000 fake users are filling your system. I've used the word "system" because DDOS might attack your band-W or your hardware (server memory, server processor, and so forth).
During these days two of the major network and fashion's services has been attacked ! FaceBook and Twitter were down for hours..
Here FaceBook wired paper.
Here Twitter wired paper.