Assuming a firewall is in place (whether in hardware or in software via IPTables, IPChains, or another software firewall), the bulk of your nefarious traffic is (hopefully) already being taken care of. However, what slips through on legitimate ports can sometimes be a denial of service attack. A truly distributed denial of service attack is something for which no known solution exists (at least at this time). However, a single-user DoS (or a small number of users working together) can be thwarted effectively if your pipe (internet connection) is large. Running on a short cycle (such as 1 minute), ddos_deflate can detect nefarious IPs that have bombarded a port with a tremendous number of connections (in a SOHO environment, 100 connections from a single IP that is not in your LAN constitutes a 'big red warning flag', but you can set this connection limit to your liking in the config file).
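
The per-IP connection count described above can be sketched in a few lines of shell. This is an added example, not the tool's own code: the function names are hypothetical, the input is assumed to be in `netstat -ntu` format (IPv4 only), and the sample rows are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. IPv4 only.

# flag_offenders LIMIT LAN_PREFIX
# Reads `netstat -ntu`-style rows on stdin and prints "COUNT IP", highest
# first, for every remote address with at least LIMIT connections.
# Addresses beginning with LAN_PREFIX are exempt.
flag_offenders() {
    awk -v limit="$1" -v lan="$2" '
        # Connection rows only: protocol in column 1, foreign address in column 5.
        $1 ~ /^(tcp|udp)/ && $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)          # drop the remote port
            if (index(ip, lan) == 1) next    # LAN hosts are never flagged
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit) print count[ip], ip
        }
    ' | sort -rn
}

# emit_rows N IP: print N constructed netstat rows for remote address IP.
emit_rows() {
    n=$1; ip=$2; i=0
    while [ "$i" -lt "$n" ]; do
        echo "tcp 0 0 192.168.1.10:80 $ip:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
}

# Constructed sample: one host at the limit, one just under, one LAN host.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    emit_rows 100 203.0.113.7     # at the limit: flagged
    emit_rows 99 198.51.100.9     # one under: ignored
    emit_rows 150 192.168.1.50    # LAN host: exempt
}

sample_netstat | flag_offenders 100 "192.168.1."
```

On a live host the same function would read `netstat -ntu` instead of the sample. Keep the trailing dot on the LAN prefix so that `192.168.1.` does not also exempt `192.168.10.x`.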