Board: Pools
Re: [6600Th] Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB (New Thread)
by bolverk on 03/04/2014, 21:15:44 UTC
Mitigating DDoS attacks is pretty basic, depending on whether they're trying to attack the TCP stack (like SYN floods) or the protocol (like that NTP reflection attack that was going on a couple of months ago).  More servers won't help unless you have a genuine scaling problem.

Care to elaborate on the pretty basic way a DDoS can be mitigated? I'm sure plenty of people will be interested...

Mitigating DDoS attacks is never "basic".  Mitigating the DDoS attacks that have been ongoing for quite some time against Eligius is time consuming, requires cooperation of many different entities, and is a genuine pain in the ass.  But, I'd much rather mitigate than give the attackers any satisfaction.

It depends on the attack, but most of the garden-variety DDoS is basic; you seem averse to accepting anyone's help or expertise, Wiz.

SYN floods are very basic unless the packet rate actually exceeds your available bandwidth.  There's not much you can do without the help of your backbone provider if they can actually fill your pipe.  But if it's just a socket threshold limit on the server itself there are a couple of ways to protect yourself, even without a decent accelerator or IDP.  Basic steps like enabling SYN cookies, increasing your SYN backlog queue, lowering SYN and SYN/ACK retries, etc.

Beyond that you could enable packet marking so you can log stale SYNs and feed them to a program (like autofwd) in order to semi-permanently firewall hosts generating those packets.  If those packets are forged, and not generated directly by bots, there may be some collateral damage.

All of this is even easier if you're comfortable with OpenBSD.

Application protocol level DDoS, depending on the protocol, can be a bit hairier.
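The kernel knobs listed in the post (SYN cookies, SYN backlog, SYN and SYN/ACK retries), as an added example that is not from the original post or from Eligius: a POSIX shell script that audits the live Linux sysctl values against a baseline and can apply it. The thresholds (backlog 4096, SYN/ACK retries 2, SYN retries 3) are assumed baselines, not values the poster gave.

```shell
#!/bin/sh
# Added example (not from the original post): audit and apply the Linux SYN-flood
# knobs the post lists. The numeric thresholds are assumed baselines, not the poster's.
# Policy: "op threshold" for each sysctl key; returns 1 for keys not covered here.
syn_policy_for() {
    case $1 in
        net.ipv4.tcp_syncookies)      echo "ge 1" ;;    # cookies used once the backlog overflows
        net.ipv4.tcp_max_syn_backlog) echo "ge 4096" ;; # half-open entries kept per listener
        net.ipv4.tcp_synack_retries)  echo "le 2" ;;    # expire stale half-open entries sooner
        net.ipv4.tcp_syn_retries)     echo "le 3" ;;    # outbound SYN retries (assumed value)
        *) return 1 ;;
    esac
}

# check_syn_setting KEY VALUE: prints ok|weak|unknown, returns 0|1|2.
check_syn_setting() {
    policy=$(syn_policy_for "$1") || { echo unknown; return 2; }
    set -- "$2" $policy           # $1=value $2=op $3=threshold
    ok=0
    case $2 in
        ge) if [ "$1" -ge "$3" ]; then ok=1; fi ;;
        le) if [ "$1" -le "$3" ]; then ok=1; fi ;;
    esac
    if [ "$ok" -eq 1 ]; then echo ok; return 0; fi
    echo weak; return 1
}

# Read the live values with sysctl(8) and report one line per key (Linux only).
audit_syn_settings() {
    rc=0
    for key in net.ipv4.tcp_syncookies net.ipv4.tcp_max_syn_backlog \
               net.ipv4.tcp_synack_retries net.ipv4.tcp_syn_retries; do
        value=$(sysctl -n "$key" 2>/dev/null) || { printf '%-30s missing\n' "$key"; rc=1; continue; }
        status=$(check_syn_setting "$key" "$value") || rc=1
        printf '%-30s %-6s %s\n' "$key" "$value" "$status"
    done
    return $rc
}

# Apply the baseline (needs root). Persist it under /etc/sysctl.d/ to survive reboots.
harden_syn_settings() {
    sysctl -w net.ipv4.tcp_syncookies=1 net.ipv4.tcp_max_syn_backlog=4096 \
              net.ipv4.tcp_synack_retries=2 net.ipv4.tcp_syn_retries=3
}

case ${1:-} in
    audit)  audit_syn_settings ;;
    harden) harden_syn_settings ;;
esac
```

Run it as `sh syn_check.sh audit` to see which knobs are still at the distribution defaults; note that SYN cookies only engage once the backlog actually overflows, so the backlog and retry settings still matter.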