You will need to
* ask your service provider to block all the traffic coming from the online attack forms
* have a direct communication line with your service providers so they can block, at their level, all traffic to the specific parts of your domain that have been chosen to be attacked, so that it never arrives at your servers
* introduce everywhere a 'drop dead' policy for traffic that goes to nonexistent resources, links, or old and forgotten infrastructure and domain names. That is very important for your servers, firewalls, routers and mailboxes. Look especially for logging problems (buffer overflows of the cache). This is your weakest point.
* prepare a legal team to sue the organizers and those who live in European countries or the US and seem to be organizers and big attackers. You are dealing with kids and mom-and-dad-doing-something-naughty kinds of attackers. They probably don't even know that you have their IP addresses. For maximum impact these complaints have to be filed in the coming days. This means that upline you will need a copy of that kind of traffic. The better the logging is up the line, the less you have to log and the better your infrastructure can resist. (If, for example, your ISP says it will log all the attack traffic for you - at a price - you don't have to, and you can concentrate only on keeping things up. A database can make a 'real-time' report with the IP addresses and the number of attacks, and that can be linked to the GEO-IP database to locate the countries.)
* put communication channels in place with the local CERT to be informed and warned about changes and things that could be done to help in your country or another (if, for example, you are being flooded from, say, Sweden, then the CERT in, for example, the US will contact the CERT in Sweden and ask for intervention from the local ISPs there to stop it).
* reorganize your DNS so that misconfigured traffic is dropped dead or directed to a drop-dead router (blackhole), or so that old or forgotten domain names are redirected to the new reinforced and monitored infrastructure (so it becomes easier to redirect incoming traffic)
* have a 'standby contract' ready to be activated so you can have more bandwidth, or more or other hosting server(s), in minutes rather than days.
* have security people permanently on the scene - if you are financial this will be permanent - exclusively monitoring these kinds of attacks (and filtering out the criminal ones that try to hide under the stream)
* have your communications people and IT people on standby notice and 'close to the workplace' this weekend
* get the necessary financial papers signed so that services and products can be delivered without hesitation or that manpower can be sent if necessary
* set up an external PC on an IP address that is not linked to your network or firm to monitor the targets that are bein. Do not use the same PC on your network. Use it for blackops or covert action, but when you are done, you throw it away (without any hard disk, that is - you smash the hard disk into a thousand pieces and throw it in the dustbin). That PC may not be linked to your enterprise or an employee of yours. Do not use the same PC for intelligence and blackops (and not in the same range). With intelligence you are watching what is happening and you are participating (without encouraging or giving any technical information or advice - because then you become a provocateur). Blackop operations are illegal and should be treated as such. Their goal is to disturb the attacks and the infrastructure (for example flooding the IRC channels, sending viruses through their networks, intercepting internal communications on their servers and networks and so on). Do not think that blackops is easy or without any danger. There are services (governmental and commercial) that are real specialists in this (and don't seem to be really active for the moment). The advice is: you have to do passive intelligence anyway, but for blackops you really have to hire the specialists. Do not think that you are James Bond.
* prepare yourself for these amateurs to become more professional over time (even if they are saying that they are working with the best IT professionals in the field, the tactics and methods are nothing of that kind for the moment - lots of hype and easy press - but not very impressive compared to the really professional stuff that has been seen over the last years).
This means that there can be a change of tactics and methods (DNS, mail, web 2.0, special parts of your infrastructure, ...).
So forget about all those stupid unrealistic exercises.
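
The 'real-time' report described in the list above (IP addresses, number of attacks, country via a GEO-IP lookup), combined with a count of requests to nonexistent resources, as an added example that is not part of the original post. The log lines, the `GEO_TABLE` stand-in for a real GEO-IP database, the `/login` target path and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-in for a GEO-IP database: documentation prefixes, made-up countries.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "SE",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "NL",
}

# Constructed sample lines in the common "combined" web server log format.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:14:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Jan/2024:14:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Jan/2024:14:00:02 +0000] "GET /old-shop/index.php HTTP/1.1" 404 0 "-" "-"
198.51.100.7 - - [01/Jan/2024:14:00:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "-"
203.0.113.99 - - [01/Jan/2024:14:00:03 +0000] "GET / HTTP/1.1" 200 2048 "-" "-"
garbage line that does not parse
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def country_of(ip):
    """Map an address to a country code via the constructed table; '??' if unknown."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "??"
    return next((cc for net, cc in GEO_TABLE.items() if addr in net), "??")

def build_report(log_text, targeted_paths):
    """Return (rows, skipped): rows are (ip, country, targeted_hits, dead_hits)."""
    targeted, dead, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # unparseable lines are counted, never guessed at
            continue
        ip, path, status = m.groups()
        if path in targeted_paths:
            targeted[ip] += 1     # traffic aimed at the parts chosen for attack
        if status == "404":
            dead[ip] += 1         # traffic to nonexistent or forgotten resources
    rows = [(ip, country_of(ip), targeted[ip], dead[ip]) for ip in set(targeted) | set(dead)]
    rows.sort(key=lambda r: (-(r[2] + r[3]), r[0]))   # noisiest sources first
    return rows, skipped
```

Calling `build_report(SAMPLE_LOG, {"/login"})` returns the rows sorted by total request count, which is the list to hand to the ISP, the CERT and the legal team.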