Due to the way the internet works, there is no way to completely block a DOS attack. The most you can generally do is make sure that it is blocking unrequested traffic and not responding to pings. That at least cuts down on how much throughput it is using.
Other than that, be sure to report it to the ISP, especially if you are on one which has a datacap as that traffic will still count towards your cap. (some people do this to knock comcast customers off of the internet (or is someone is on a truly scumbag ISP like hughesnet, then knock them off of the web for the rest of the month within a few hours.
If your ISP has dynamic IP's, then you can heat to the modem or router settings (which ever device is holding the WAN IP), then release the DVCP, then turn the modem off for a few minutes, then turn it back on.
PS some routers allow people to DOS you without the need to packet flood you. Some ISP supplied routers will have a remote access function that the router listens on and cannot be disabled. (e.g., verizon fios will have the actiontec routers listen on port 4567), depending on how they implement the remote access, the right packets sent to the router at the WAN side, and you can either lag it out, or crash it and require them to be rebooted.
This used to be pretty easy with the older actiontec GT704WG that some DSL providers used (verizon eventually updated their firmware to use remote access where only they have the password, but I am sure someone can find the password in the firmware). The remote access could not be disabled, though there was no need to packet flood or replay attack the remote access since you could access it using the default username and password and either brick the device by uploading a corrupt firmware file, or edit DNS settings.
If they are doing a simple packet flood, then just get the WAN IP changed as there is nothing you can do on your end to deal with the downstream saturation.