Preventing and containing DDOS

NickRuffo (Junior Member), Feb 10, 2003
Any tips or pointers are greatly appreciated. I want to make sure my network and my computers are not being hit by DDoS or contributing to a DDoS. Is there a way to check and prevent DDoS? I'm in the dark here :) I have about 200 computers on a Windows 2000 network running Active Directory, also a T-1 with a Cisco PIX 500 firewall, but I think some computers may be corrupted with DDoS.

chsh1ca (Golden Member), Feb 17, 2003
First, I'd recommend you get a good solid understanding of how an outbound DDoS attack can be perpetrated, and resort to preventing it at the network layer after you've ensured the other checks are in place. Unfortunately, I don't know of any good papers on DDoSes and how to secure your corporate network.

Personally, I use a rule that limits each internal IP to sending 3 SYNs to a specific IP in a given minute, and totally blocks outbound packets that aren't TCP/UDP on the border firewall. Unfortunately, I have yet to come up with a good solution to stopping something on my LAN from UDP flooding. The one time someone brought something into work with a DDoS trojan on it (gotta love Zip disks), NAV Corp. Edition caught and identified it and eliminated it as soon as the file got placed on the local filesystem. It's not much of an issue with good systems administration. Blocking it at the border firewall is still only a band-aid fix, as the real problem is preventing the DDoS agents from getting onto the machines in the first place.

Typically, a DDoS is perpetrated by trojans designed to do things like connect to an IRC server and wait for commands, or listen for a specifically formatted packet. The former has become a much more popular method recently, since non-routable addresses can still be talked to. Most A/V software can stop these types of DDoS attacks in their tracks.

As for incoming packet-flooding DDoS attacks (the most common), if it's properly done, there is basically nothing you yourself can do. You must rely on your upstream provider to do the work on their end. There are certain things you can do to mitigate the effects of, say, a SYN flood or other such attacks, but in reality those attacks are now rare, especially with the advent of certain solutions/approaches to the whole problem (i.e. SYN cookies) that basically negate them.
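The two border rules chsh1ca describes (no more than 3 SYNs per internal host to one destination per minute, and no outbound traffic other than TCP/UDP) can also be run as a detection over firewall logs, which is useful on a LAN like NickRuffo's where the concern is finding hosts that are already infected. The script below is an added example written for this thread, not chsh1ca's firewall rule or any PIX configuration. It assumes a simple constructed log format (`time src dst proto flags`), an internal range of 10.0.0.0/8, and the constructed sample lines embedded in it; it reports every internal host that exceeds the SYN limit to a single destination in any 60-second window, and every internal host sending a non-TCP/UDP protocol outbound.

```python
"""Added example (not from the thread): flag internal hosts whose outbound
traffic would trip the two border rules described in the post."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: the LAN's address block
SYN_LIMIT = 3                                   # bare SYNs per (src, dst) per window, as in the post
WINDOW = timedelta(minutes=1)

# Constructed sample log: "<ISO time> <src> <dst> <proto> <tcp flags or ->".
# 10.0.0.5 sends five SYNs to one host in ten seconds (agent-like behaviour);
# 10.0.0.8 completes a normal handshake; 10.0.0.9 sends ICMP and GRE outbound;
# the last line is inbound and must be ignored by both checks.
SAMPLE_LOG = """\
2003-02-17T09:00:01 10.0.0.5 198.51.100.7 tcp S
2003-02-17T09:00:02 10.0.0.5 198.51.100.7 tcp S
2003-02-17T09:00:05 10.0.0.5 198.51.100.7 tcp S
2003-02-17T09:00:09 10.0.0.5 198.51.100.7 tcp S
2003-02-17T09:00:10 10.0.0.5 198.51.100.7 tcp S
2003-02-17T09:00:30 10.0.0.8 203.0.113.9 tcp S
2003-02-17T09:00:31 10.0.0.8 203.0.113.9 tcp A
2003-02-17T09:00:40 10.0.0.9 203.0.113.10 icmp -
2003-02-17T09:00:41 10.0.0.9 203.0.113.10 gre -
2003-02-17T09:01:20 10.0.0.5 198.51.100.7 tcp S
2003-02-17T09:02:00 198.51.100.7 10.0.0.5 tcp S
"""


def parse_log(text):
    """Parse the constructed 'time src dst proto flags' lines into records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, flags = line.split()
        records.append({
            "time": datetime.fromisoformat(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(),
            "flags": flags,
        })
    return records


def is_outbound(rec):
    """True when an internal host talks to an address outside the LAN."""
    return rec["src"] in INTERNAL and rec["dst"] not in INTERNAL


def syn_rate_offenders(records, limit=SYN_LIMIT, window=WINDOW):
    """Return {(src, dst): peak} for internal sources that send more than
    `limit` bare SYNs (SYN without ACK) to one destination inside any
    sliding window of length `window`."""
    syn_times = defaultdict(list)
    for rec in records:
        if is_outbound(rec) and rec["proto"] == "tcp" and rec["flags"] == "S":
            syn_times[(str(rec["src"]), str(rec["dst"]))].append(rec["time"])

    offenders = {}
    for pair, times in syn_times.items():
        times.sort()
        peak, j = 0, 0
        # Two-pointer sweep: for each SYN i, j is the first SYN at or beyond
        # i's window, so j - i is the number of SYNs starting at i.
        for i in range(len(times)):
            while j < len(times) and times[j] - times[i] < window:
                j += 1
            peak = max(peak, j - i)
        if peak > limit:
            offenders[pair] = peak
    return offenders


def non_tcp_udp_outbound(records):
    """Return sorted (src, proto) pairs for outbound traffic that the
    'TCP/UDP only' border rule would drop."""
    return sorted({(str(r["src"]), r["proto"])
                   for r in records
                   if is_outbound(r) and r["proto"] not in ("tcp", "udp")})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (src, dst), peak in syn_rate_offenders(recs).items():
        print(f"SYN limit exceeded: {src} -> {dst}, {peak} SYNs in one minute")
    for src, proto in non_tcp_udp_outbound(recs):
        print(f"non-TCP/UDP outbound: {src} sent {proto}")
```

The SYN check counts only packets flagged SYN without ACK, so a host that completes normal handshakes (10.0.0.8 above) is not flagged, while the inbound SYN on the last line is skipped because its source is outside the LAN. Hosts that show up in either list are the ones to pull off the network and scan, which matches chsh1ca's point that the border rule only contains the problem; the agent on the machine still has to be found.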