On Sun, Feb 02, 2014 at 02:49:49PM -0800, Matthew Petach <mpet...@netflight.com> wrote a message of 49 lines which said:
> If NTP responded to a single query with a single equivalently sized
> response, its effectiveness as a DDoS attack would be zero; with
> zero amplification, the volume of attack traffic would be exactly
> equivalent to the volume of spoofed traffic the originator could
> send out in the first place.

It is a bit more complicated. Reflection with amplification is certainly much less useful for an attacker but it still has some advantages: the attack traffic coming to the victim's AS will be distributed differently (entering via different peers), making tracking the attacker through NetFlow/IPFIX more difficult.