Periodically you might see me protect an article with a reason of "inbound distributed attacks" or something similar. Sometimes I will have done this on a page that hasn't been edited in months with no sign of vandalism. Sometimes I will do this on a highly visible page. If you're here then you're probably trying to figure out why.
What it means
When I protect an article with this rationale, it means I am preemptively protecting an article that was somehow scheduled for an attack. I run several bots that monitor typical attack sources, so I get a little lead time on these attacks (generally on the order of seconds to minutes). When this pops up, I verify the severity of the attack and take action, typically by semi-protecting the target page, though occasionally I use a filter instead. When I do this, there is no question that the attack will occur, and the protection is only to limit disruption which would have otherwise occurred. These protections are intended to be very short-term and will only last as long as the attack is ongoing.
Why not be more specific?
Some people get concerned with the ambiguity in my protection message "inbound dist. attacks". The reason I use this message is twofold. Firstly, it's the first thing in my "recent entries" on the protection form, and considering I generally have very limited time with which to respond to these attacks, every second matters. The second reason is purely based in WP:DENY. Announcing the exact reason for the protection is only going to make the vandals feel like they succeeded, whereas our only intention is to get them to be bored instead.
Why indefinite protection?
For most attacks I will assign a very short timer, like 1 hour. However, some attacks I choose to use indefinite protection instead. This is not because I intend it to be a long-term protection; quite the opposite, I generally lift these protections very quickly, and have sometimes done so within minutes. If I chose "indefinite" for the length, it is because the attack source is known to watch the timer on protection and restart the attack as soon as it expires. By using an indefinite length, I can choose to unprotect when I feel it is safe and this forces the attackers to continue to watch the page should they choose to attack it again.
How can I get more info?
If you're an established user, I have no issue with discussing this matter with you more verbosely. Feel free to email me and I'll gladly discuss it with you. I would prefer not to discuss any particular instances on-wiki for the same reason that I use the ambiguous protection description in the first place. However, I do ask that you trust me. If I protected the article, I probably did so with a reason. If it's been protected more than a day, feel free to poke me about whether or not it should be unprotected as it's very possible I forgot about it, but please don't email me every time I protect an article that hasn't been edited in three months asking if it was really necessary.