Simple really. Iptables has a rate limit rule that you can use to limit new connections from the same IP address:

# General new connection rate limiting for DOS and Brute Force protection
iptables -I INPUT -p TCP -m state --state NEW -m limit --limit 30/minute --limit-burst 5 -j ACCEPT

This problem has been solved a decade ago, yet few people are aware of it, since no-one on these forums ever reads man pages.