A good way to start is by using tcpdump or ethereal to capture a few packets to see what's going on, so that you can verify it is malicious in nature as well as get a idea of the specific type of traffic you're dealing with. There are various measures you can take that are dependant on what kind of traffic you're seeing.
If it is malicious, then you definitely want to notify your ISP as well as the owner of the netblock that the traffic is originating in (you can usually find an abuse@ address using a whois lookup). From there, you can try turning off connection tracking (lots of resource consumption tracking connection states) and use simple packet filtering. You can also try adjusting several of the sysctl networking parameters (shorten connection timeouts). If you're dealing with a syn flood, then turning on tcp_syncookies may help too. Seeing what type of traffic is hitting your box will help to narrow down the best options (in theory
Finally, make sure that your kernel and iptables versions are current. There are several DoS vulnerabilities (including CPU resource consumption) in older versions.