I like the traditional Denial of Service attacks that work at the application layer, e.g. buffer overflows, unbounded function recursion and the like. Most network-level DoS/DDoS attacks, on the other hand, are aimed at externally facing systems.
I would like to share an idea for an internal DoS (iDoS) attack carried out at the network level. To explain it, it helps to consider two very different kinds of network:
1. Flat Network
Flat networks allow every host to reach every resource in the network. Assume the attacker finds a way to install a scanning tool silently (e.g. Nmap with WinPcap, using nmap-x.xx-setup.exe /S /D=C:\tools\Nmap) on all or most of the remote computers, either through an exploit or with privileged credentials already in hand. Once the installation is complete, the attacker can launch an intensive scan of the internal IP range from every infected host, either in parallel or one host after another.
As a result, most of the computers in the internal network end up scanning the entire network at the same time, which can saturate the network and deny service to legitimate traffic.
2. Segmented Network with IPS
In this kind of network the attacker can, on the one hand, infect fewer hosts; on the other hand, remediation may take longer.
If the attacker runs the same attack on such a network, the IPS will detect the scans and automatically block the infected hosts, which by itself denies service to those hosts and to whatever depends on them. The same attack can also be pushed in other directions, e.g. generating enough scan traffic to flood the IPS itself.
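The following is an added example, not code from the original post: a small flow-log analysis that shows what both scenarios above look like from the defender's side. It flags each source that touches many distinct hosts within a short window, treats several such sources scanning at once as the iDoS signature (one scanner is a pentest, dozens is the attack described here), and estimates how much of the network an IPS that auto-blocks every scanning host would quarantine. The record format (`epoch src dst dport proto`), the window and the thresholds are assumptions chosen for illustration, and the flow log is constructed, not captured traffic.

```python
"""Spot a mass internal scan (iDoS) in flow records and estimate IPS collateral.

Added example, not part of the original post. The record format and thresholds
are assumptions for illustration; the flow log below is constructed, not captured.
"""
from collections import defaultdict
from dataclasses import dataclass

WINDOW = 60          # seconds per detection bucket (assumed)
DST_THRESHOLD = 16   # distinct destination hosts per bucket that marks a scanner (assumed)
STORM_THRESHOLD = 3  # concurrent scanning sources that marks an iDoS (assumed)


@dataclass(frozen=True)
class Flow:
    ts: int       # epoch seconds
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: '<epoch> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(int(ts), src, dst, int(dport), proto)


def build_sample_flows() -> list[str]:
    """Constructed flow log: three hosts sweep 10.0.2.1-40 on three ports in
    parallel (the iDoS case), plus one host doing ordinary work."""
    lines = []
    for src in ("10.0.1.10", "10.0.1.11", "10.0.1.12"):
        i = 0
        for host in range(1, 41):
            for port in (22, 80, 445):
                lines.append(f"{1000 + i} {src} 10.0.2.{host} {port} tcp")
                i += 1  # one probe per second per scanner
    # Normal host: a couple of file-share and web connections in the same minute.
    lines += ["1030 10.0.1.50 10.0.2.5 445 tcp",
              "1031 10.0.1.50 10.0.2.6 80 tcp",
              "1032 10.0.1.50 10.0.2.5 22 tcp"]
    return lines


def scanning_sources(flows: list[Flow]) -> dict[int, set[str]]:
    """Return {bucket: set(src)} for sources that touch >= DST_THRESHOLD
    distinct destination hosts within one WINDOW-second bucket."""
    dsts = defaultdict(set)  # (bucket, src) -> distinct destination hosts
    for f in flows:
        dsts[(f.ts // WINDOW, f.src)].add(f.dst)
    flagged = defaultdict(set)
    for (bucket, src), hosts in dsts.items():
        if len(hosts) >= DST_THRESHOLD:
            flagged[bucket].add(src)
    return dict(flagged)


def storm_buckets(flagged: dict[int, set[str]]) -> list[int]:
    """Buckets in which at least STORM_THRESHOLD sources scan at once: the
    iDoS signature is many scanners, not one."""
    return sorted(b for b, srcs in flagged.items() if len(srcs) >= STORM_THRESHOLD)


def ips_lockout_fraction(flows: list[Flow], flagged: dict[int, set[str]]) -> float:
    """Share of all observed internal sources that an IPS which auto-blocks
    every scanning host would quarantine: the collateral denial of service."""
    all_sources = {f.src for f in flows}
    locked = set().union(*flagged.values()) if flagged else set()
    return len(locked) / len(all_sources) if all_sources else 0.0


def analyze(lines: list[str]) -> dict:
    """Run the whole pipeline over raw record lines and return a report."""
    flows = [parse_flow(line) for line in lines if line.strip()]
    flagged = scanning_sources(flows)
    return {
        "scanners": flagged,
        "storm_buckets": storm_buckets(flagged),
        "lockout_fraction": ips_lockout_fraction(flows, flagged),
    }


if __name__ == "__main__":
    report = analyze(build_sample_flows())
    for bucket in report["storm_buckets"]:
        print(f"iDoS: {len(report['scanners'][bucket])} hosts scanning in window {bucket}")
    print(f"IPS auto-block would quarantine {report['lockout_fraction']:.0%} of hosts")
```

On the constructed log the three sweeping hosts are flagged in the same window and the normal host is not, so the storm check fires; an IPS that reacts by blocking every flagged source would cut off three of the four hosts seen, which is the point of the segmented-network scenario: the automatic response is itself the outage. In practice the thresholds need tuning against a baseline of the network's own traffic, and the per-source counting should run over real flow exports or firewall logs rather than the sample above.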
To reduce the threat, I recommend limiting access to internal resources (drive encryption, device control and similar controls), restricting who can install software on the endpoints, and having the antivirus software on the operating systems block scanning tools.
I know that my recommendations can be bypassed; however, they still make a pretty good solution.