In a reflection attack, the attacker sends traffic to a reflector, and spoofs the source address of its packets using the target’s IP address. Then the reflector send the reply to the target’s IP address. If the amount of traffic sent is large enough it can result in Denial-of-Service (DoS).


An amplification attack is just a reflection attack where the attacker sends a relatively small amount of traffic which then triggers a reflector to send a large amount of traffic to the target.

There are some known DNS and NTP vulnerabilities that have been used in the past for amplification attacks.