Some of the basic defensive strategies against DOS include but not limited to:
Disabling Unnecessary services
Make sure you run hardening on your systems bases on best practices for specific OS. Also make sure unused services are disabled or removed.
This is effective technique when it comes to stopping bot’s from being delivered to your system by trojans.
Enable Throttling on the routers
The attack can be stooped by applying throttling on your router.
Use Reverse Proxy
Proxy acts as middle man during communication so the attack can be proactively stopped before reaching the server
Enable Ingress and Egress Filtering
One of the benefits of filtering ingress egress traffic is stooping spoofed addresses from getting on the internal network
Service could be automatically shutdown or throttled during attack
You can add additional resourced so you can actually handle attack without noticing performance issues.