By the way, the correct acronym is DDoS
There are lots of different types of DDoS attacks. The most common these days is a simple SYN flood that exhausts the amount of buffers available to hold half-open connections. It can be mitigated by turning on syncookies (on Linux) or synproxy (on some other OSs, such as OpenBSD) to handle SYN requests more intelligently. You can also increase the amount of buffers available for half-open connections and decrease the time-out period to expire them.
See
this site for more information.
There are also other types of DDoS attacks, such as simple ICMP floods that fill up all your bandwidth (which is the old-style PING flood), smurf attacks, and much more complicated schemes that generally go beyond the scope of such a simple question.
A packet filter firewall will be able to help with some of them, but any DoS that operates by filling your network bandwidth will still incapacitate you if your ISP cannot provide assistence. A common manifestation of this is the "Slashdot" syndrom, where a site with a small amount of bandwidth becomes linked by Slashdot.org and the sheer amount of incoming HTTP requests overwhelms it.