To expand on the phone analogy: In the old days of analog phone systems, if someone called you and then just left the receiver off the hook, you were stuck with an open line no matter how often you hung up after you answered the phone. (We had a bitchy relative who would do this to people she was mad at.) With a denial of service attack, you're basically initiating a connection to the site and then, once it's acknowledged, you either do something that keeps that connection open, or drop it and the server will still maintain it until the timeout period occurs. Because the timeouts take longer than the time it takes to initiate a new connection at your end, with a relatively small number of computers you can hammer at the server's available connections. If you're using a small number of computers to do the DoS, then the server administrator can isolate and firewall the offending machines, but it takes time. With a large number of computers involved, it's just a nightmare for the admins and requires a concerted effort to defeat, or they may simply end up riding it out as the jerks get bored and move on to attacking someone else.
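
The admin-side view of the comment above, as an added example that is not part of the original comment: it counts, per source address, the connection slots that are half-open or established but silent, and separates sources worth firewalling from stuck slots spread thinly across many sources. The snapshot format, the addresses (documentation ranges) and both thresholds are assumptions made for this illustration.

```python
from collections import Counter

# Constructed snapshot of a server's connection table (not real tool output).
# Columns: state, local addr:port, peer addr:port, seconds since last data.
SAMPLE = """\
SYN-RECV 192.0.2.10:443 198.51.100.7:40001 12
SYN-RECV 192.0.2.10:443 198.51.100.7:40002 11
ESTAB    192.0.2.10:443 198.51.100.7:40003 95
ESTAB    192.0.2.10:443 198.51.100.7:40004 88
ESTAB    192.0.2.10:443 203.0.113.5:51512 2
SYN-RECV 192.0.2.10:443 203.0.113.9:33100 1
garbled line
"""

IDLE_SECONDS = 30      # assumed: ESTAB silent this long counts as held open
PER_SOURCE_LIMIT = 3   # assumed: stuck slots per source before flagging


def stuck_by_source(snapshot, idle_seconds=IDLE_SECONDS):
    """Count slots per peer that are half-open or established but idle."""
    counts = Counter()
    for line in snapshot.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed rows instead of crashing
        state, _local, peer, idle = parts
        host = peer.rsplit(":", 1)[0]  # strip the port, keep the address
        if state == "SYN-RECV" or (state == "ESTAB" and int(idle) >= idle_seconds):
            counts[host] += 1
    return counts


def summarize(snapshot, limit=PER_SOURCE_LIMIT):
    """Return (sources worth firewalling, stuck slots no single source explains)."""
    counts = stuck_by_source(snapshot)
    offenders = sorted(h for h, n in counts.items() if n >= limit)
    unexplained = sum(n for n in counts.values() if n < limit)
    return offenders, unexplained


if __name__ == "__main__":
    offenders, unexplained = summarize(SAMPLE)
    print("block candidates:", offenders)
    print("stuck slots spread across other sources:", unexplained)
```

When the first value is empty and the second is large, per-source firewalling has nothing to grab, which is the many-computers case the comment describes.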