I think I get it now. So it confuses the website into thinking that another server is requesting the page and repeats this continuous through 'zombie pc's' making the site use up lots of memory dealing with these multiple requests effectively disabling the site's ability to deal with real traffic. I'm probably missing the point but I think I understand what your saying.
Exactly! except, it isn't just memory, but network bandwidth, server CPU time, etc.
By "Zombie PCs" I meant the group of PCs a hacker controls, often without the user knowing (well, usually without them knowing) via trojans and whatnot, they get control over the remote PC and compromise it, and often times they will launch further attacks from that PC, making it difficult to trace the real attacker. All of this happens right under their nose! In any case, once the hacker has control over them, he can get them all to do the same thing- in this case, request a web page from a server- using a crafted packet that uses the wrong "return address". So the server get's these millions of requests from PCs all over the world, and each one identifies it's origin as the other site. the server dutifully sends that other site the data all these PCs requested, which confuses the bejesus out of the recipient, since it never requested it.
So both if the servers will have their capacity reduced. Generally big-name companies not only have multiple servers but also a method of detecting these illegitimate packets, not to mention other checks and balances, so really the hacker will need to be far more clever, perhaps <<<DOING SOMETHING CLEVER>>>.
