I am also not sure about the Law but my new host asked me to get the Apache log for the time when the attacks kept coming and they told that its against some law which they would take action against.

The new server is against a firewall specially designed for DDoS attack when any suspicious action is performed it isolates the server thus preventing the server from crashes and when the quantum of attack goes off it resumes the operation.

I can tell you its a hardware firewall as of now and we have also worked on software and OS to protect.