Its been a while since i looked into these, but this is my understanding.
There are a few ways that DoS attacks work. Firstly, make the victim spend all its time sending information to a client who does not exist. This is done by packet modification or something similar. For example, we have a network with A and B.
A sends information to B : A->B
But what if B pretends to be C? There is no computer C on the network, but if A thinks that there is, then it will be wasting time sending data to the non-existant C.
This relates the spoofed Ip in the header you were mentioning. Basically, a network packet consists of a few bits of informaiton, something like this:
DestinationIP : Origin : Data.
The orgin and other information is containted in the "header" of a packet. To spoof the header means to change it to what you want, not what it actually should be.
This kind of attacks were the original DoS attacks, I think. However, they arnt so common now, because nobody cares if they are sending a few bytes every few seconds to somewhere that doesnt exist. The amount of bandwidth that is used today makes these attacks almost useless.
So, widespread bandwidth attacking DDoS (Distrubited Denial of Service) attacks are the rage now. These basically involve as many people as possible trying to connect to a server. The server cant cope with this many requests, and all its bandwidth is used up. This effectivly takes the server down, because it cant do anything - it has no network.
How do you orginize these kind of attacks, i hear you ask? Obviously if you got all your home computers and logged into, say, yahoo, Yahoo wont crash. You need alot of computers.
So, BotNets are used. This works as follows : many people are infected with a virus. That virus (in this case a trojan), sits on their computer. The trojans all login to IRC and wait for instructions. (Keeping in mind we could be talking about upwards of 10-20 million computers, here, if the virus is widespread, and probalby more).
When a victim is decided, the controlling person logs into IRC, and tells the bots the IP of the victim. The bots then all try to connect to the victim, crushing it with their bandwidth usage.
Some good reasons : Blackmail. First and formost. If I can tell a bank, or company, that its servers will be down for a few days and they'll be loosing money unless they pay me ... By controlling a DDoS BotNet, I have that power.
Revenge - if i dont like somebody and I have power to do this, then i could.
Buisness advantages - if Google goes down, then other search engines would profit, wouldnt they?
"cool factor" - I get to boast about the power I have.
Some good links
: Wikipedia :
http://en.wikipedia.org/wiki/Denial-of-service_attack : Yahoo Downage report :
http://news.cnet.com/2100-1023-236621.html