Reflected request (DNS/NTP) attack

In this attack scenario, the attacker sends a large number of UDP-based requests to a name server or NTP server using a spoofed source IP address. Then the server, acting as an intermediate party in the attack, responds by sending information back to the spoofed IP address which is the victim. Because of the amplification effect of an unproportional response, it can cause serious bandwidth shortage. For example, a reflected NTP attack can amplify 556 times the amount of traffic as used to create the attack making it easy for attackers to force multiple their stolen resources.

The below figure show some mechanisms on how a LoadMaster can mitigate NTP servers being from being part of a NTP amplification attack.