they would investigate the technical infrastructure of the company. If it had its own domain name server, that would have to be attacked first, to stop the company from switching the numeric address behind the website. They also looked for parts of the website where bots could chew up the most resources, such as internal search pages, pages requiring authorization to use, and pages offering downloads.
