This advice is very bad. Yes, I'm certain you can make a server go faster by disabling some security features, but without syncookies you're one SYN flood away from a painful crash.
Your "mitigation" is also useless - yes, tarpitting for antispam purposes can work, but a specialized DDoS tool likely uses raw socket access (i.e. the OS doesn't keep track of the connections). If you can't take the number of bits/packets thrown at you, you will be unreachable. And even if not - we're still talking about 10,000 machines talking to your one server. The bad guys have a lot more memory.
Security features? I will bet, no, give you a large sum of cash if you can show me that a server under a large pps DDoS survives with rp_filter and syncookies on, with iptables on, and without any crazy TCP modifications. In the real world there are no "specialized DDoS tools"; most viruses are simple. EDIT: Why would you use a single server? Why on God's earth would you track tarpitted connections?
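As an added example that is not part of the thread above (not any poster's code): a small POSIX shell audit of the two kernel settings the posters argue about, `net.ipv4.tcp_syncookies` and `net.ipv4.conf.all.rp_filter`. It reads `key = value` lines in the format `sysctl -a` prints and flags the weak setting next to the expected one. The two sample dumps embedded in the script are constructed, not captured from a real host; the key names are the real Linux sysctl keys.

```shell
#!/bin/sh
# Constructed sample dumps in `sysctl -a` format (not from a real host).
WEAK_SYSCTL='net.ipv4.tcp_syncookies = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.tcp_max_syn_backlog = 1024'

HARDENED_SYSCTL='net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 4096'

# audit_sysctl: read "key = value" lines on stdin and print one finding
# per checked key: "OK key=value" or "WEAK key=value (why it matters)".
# Keys the audit does not care about are passed over silently.
audit_sysctl() {
  while IFS= read -r line; do
    key=${line%% =*}   # text before the first " ="
    val=${line##*= }   # text after the last "= "
    case "$key" in
      net.ipv4.tcp_syncookies)
        if [ "$val" = "1" ]; then
          echo "OK $key=$val"
        else
          # With SYN cookies off, a SYN flood fills the SYN backlog and
          # legitimate handshakes are dropped; with them on, half-open
          # state is encoded in the sequence number instead of kept in RAM.
          echo "WEAK $key=$val (expected 1: SYN flood exhausts the backlog)"
        fi ;;
      net.ipv4.conf.all.rp_filter)
        # 1 = strict reverse-path check, 2 = loose; 0 = no check, so
        # packets with spoofed source addresses are accepted on any interface.
        if [ "$val" = "1" ] || [ "$val" = "2" ]; then
          echo "OK $key=$val"
        else
          echo "WEAK $key=$val (expected 1 or 2: spoofed sources not filtered)"
        fi ;;
    esac
  done
}

# count_weak: number of WEAK findings for the dump given on stdin.
# `|| true` keeps grep's "no match" exit status from looking like an error.
count_weak() {
  audit_sysctl | grep -c '^WEAK' || true
}

# Stand-alone run: audit the constructed weak dump. On a live host use:
#   sysctl -a 2>/dev/null | audit_sysctl
printf '%s\n' "$WEAK_SYSCTL" | audit_sysctl
```

The audit only reports; it does not change anything. Turning the settings on for a running host is a separate, deliberate step (`sysctl -w net.ipv4.tcp_syncookies=1`), and the change should be made persistent in `/etc/sysctl.conf` or `/etc/sysctl.d/` so it survives a reboot.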