The simplest way is to use netstat and check amount of connections from each host. If you see plenty hosts with many connections established, that's DDoS. If there is plenty hosts, but each one has few connections, thats DoS (aka slash dot effect), mentioned by Tomek_.
PS: DDoS - distributed denial-of-service attack. Deliberate attack which involves dedicated software; DoS - denial-of-service. Server can't handle all requests, because suddenly there is more of them (because of link on frontpage etc)
PS: DDoS - distributed denial-of-service attack. Deliberate attack which involves dedicated software; DoS - denial-of-service. Server can't handle all requests, because suddenly there is more of them (because of link on frontpage etc)