The biggest reason the trend has moved from DoS attacks to dDoS attacks is that, to successfully complete a traditional DoS attack, the attacker needed access to bandwidth equivalent to that of the victim's system. This became problematic as hosting providers were soon able to offer greater incoming bandwidth than most attackers had outgoing. Variations on the simple flood attack (use up all available bandwidth) included modifying the attack to abuse different parts of the TCP handshake: the targeted system is left waiting for connections that don't exist to complete their handshake, and so uses up its pool of available connections without enormous amounts of data ever being pushed through the available bandwidth. Other attacks relied upon repeatedly submitting requests for large media files or content, a simple means of sidestepping the issue of the site having more bandwidth than the attacker: the site is forced to fill its own outbound bandwidth, or to use up all system resources, just to meet the numerous demands.
As defences were created to counter these attack types, attackers began to utilise bot networks and social hacking networks to spread their attacks across multiple source points on the Internet. This had two immediate benefits. First, it hid the true origin of an attack unless a defender was an active part of the attack and was able to access or observe the command and control traffic associated with it. Second, it made it harder for defenders to isolate attack traffic from legitimate traffic, as the attacker could shape the requests from each attacking IP to match legitimate request rates and make up the difference with the volume of IPs under their control.
To help address this problem, a number of companies have established themselves in the specialised niche of protecting sites against DoS/dDoS attacks, from distributed content hosting providers such as Akamai to service providers that aggressively filter and manage network traffic at the hosting provider level, dropping attack packets while still allowing legitimate users through.
What does the future hold for dDoS attacks and defences? Perhaps we are already observing the first of the next generation of attack techniques. It is difficult to speculate what sort of attack might be the successor to the current dDoS types, but if it is a continuation of the improvements that the dDoS gave to the DoS, then it will be a distributed attack where requests are not perfectly timed with each other, are varied in content and request type, and do not exceed the threshold that a normal site user would create. It will be an attack that blends so well with the background noise that it will be almost impossible to isolate from the noise and primarily identifiable due to excessive traffic spiking.
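The detection problem described above, as an added example that is not part of the original article: when every source stays under a normal request rate, a per-IP limit flags nothing, while a check of total traffic against a baseline still sees the spike. The traffic is constructed, and the thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

PER_IP_LIMIT = 20   # assumed per-source ceiling, requests per minute
SPIKE_SIGMAS = 3.0  # assumed alert margin, in baseline standard deviations
MIN_EXCESS = 0.5    # assumed floor: also require 50% above the baseline mean

def build_sample():
    """Constructed (minute, source_ip) events; not real traffic."""
    events = []
    for minute in list(range(10)) + [11]:      # ordinary minutes
        for c in range(50):                    # 50 clients, 4-6 requests each
            events += [(minute, f"10.0.{c}.1")] * (4 + (c + minute) % 3)
    for c in range(50):                        # minute 10: usual clients ...
        events += [(10, f"10.0.{c}.1")] * 5
    for b in range(400):                       # ... plus 400 extra sources at 5 each
        events += [(10, f"10.1.{b // 200}.{b % 200 + 1}")] * 5
    return events

def per_ip_offenders(events, minute):
    """Sources that exceed the per-IP limit within one minute."""
    counts = Counter(ip for m, ip in events if m == minute)
    return sorted(ip for ip, n in counts.items() if n > PER_IP_LIMIT)

def aggregate_alerts(events, baseline_minutes):
    """Minutes whose total request count rises well above the baseline."""
    totals = Counter(m for m, _ in events)
    sources = defaultdict(set)
    for m, ip in events:
        sources[m].add(ip)
    base = [totals[m] for m in baseline_minutes]
    mu, sigma = mean(base), pstdev(base)
    threshold = mu + max(SPIKE_SIGMAS * sigma, MIN_EXCESS * mu)
    return {m: {"requests": totals[m], "sources": len(sources[m])}
            for m in sorted(totals)
            if m not in baseline_minutes and totals[m] > threshold}

if __name__ == "__main__":
    ev = build_sample()
    print("per-IP offenders in minute 10:", per_ip_offenders(ev, 10))
    print("aggregate alerts:", aggregate_alerts(ev, range(10)))
```

The aggregate check only says that a spike is happening; it does not say which of the 450 sources in that minute are legitimate, which is the isolation problem the article describes.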


