Computer World has an article which discusses the "lessons learned" from the recent MyDoom DDoS.
Unfortunately, the protections described is nothing new. ISP ingress/egress filtering and changing IP's has been around for years. The filtering is considered a "best practice".
The article also describes adding server capacity, which is what Microsoft did to survive its own DDoS attack. They actually moved their website to Akamai.