well i recieved one about 3 days agoi and when i recieved one i took action and closed my site ....then i proceeded to get some Dos protection (im running php nuke) it died down to about 8 people at my site on the same page instead of 230 with the Dos protection but my question is as soon as my site setback up it would return instantly untill it gave up like a day later .....why is that....hope this isnt a really stupid question
The answer to your question is memory.
Dos attacks open up thousands of bogus tcp connections. Due to the way the tcp/ip stack is implemented, each connection stores some amount of data in memory during the "handshake process" The bogus connections during a dos attack start that handshake, but never finish it, leaving the connection half open and that memory "used" in your server. It does this many many many times per second, eventually overloading your server and eating up all the memory. At which point, your apache server (and pretty much anything else trying to execute and use memory) fails.
True dos attack prevention hardware is very very expensive (which is probably why the skeptical question about your protection). essentially that hardware is very specialized (usually) and very very fast. it acts as a middle man between your server and the dos attack. each bogus connection initiates a handshake with the dos attack "mitigator", and since it never finishes the handshake, the mitigator never passes on the bogus connection to the server. Legit connections DO finisht the handshake, at which point the mitigator passes the connection along to the server, and the conversation continues like nothing ever happened.