>>/4618/
The basic premise of any DDOS resistant architecture is:

1. Large bandwidth, preferrably from a tier 1 provider that won't charge you for the DDOS traffic (in this case, its likely AT&T)

2. A load balancing scheme. Dynamically updating/rotating DNS addresses,  and redundant devices.

3. Lots of money for more of #1 and #2.