If you think you are experiencing a DoS attack you can try the following.
Open up a cmd prompt and type in the following:
netstat -n -p tcp
This will show you all the active tcp connections.
If you are indeed being DoSsed you will probably see alot of connections here stating 'syn_recieved'. If this is the case then you are probably experiencing a Syn flood attack, one of the most common used DoS attacks.
Win2K automatically monitors three counters that track the number of active TCP/IP ports and the number of ports in the half-open state to look for potential SYN attacks. When these counters exceed predefined thresholds, Win2K assumes that a SYN DoS attack is in progress. During a SYN DoS attack, TCP queries the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters subkey to determine how to respond. The subkey's SynAttackProtect entry determines the number of retries and the retry interval that TCP uses to time out a connection request. The SynAttackProtect entry has the type REG_DWORD and the value 0, 1, or 2.

Set the value to 1 or 2 on systems that connect directly to the Internet. These settings reduce the number of SYN-ACK retransmissions and the interval between them, which reduces the time that a system waits to time out valid and malicious connection requests. For the best protection against SYN DoS attacks, set the value to 2.

Set the SynAttackProtect entry to 1 or 2 for systems directly accessible from the Internet, especially those you don't protect with a firewall. (To verify that your firewall provides SYN attack and Ping of Death protection, check with the vendor.) Remember that when you implement this deterrent, you change the way the system responds to both valid and DoS connection requests.
Taken from:
http://www.secadministrator.com/Arti...eID=25027&pg=2

More interesting reading:
http://grc.com/dos/grcdos.htm
http://grc.com/dos/drdos.htm