DDoS Attack Vectors
Interactive Periodic Table of Vectors
ATTACK COUNT
500,001+
50,001 - 500,000
0 - 50,000
- 3.8:1 Bt ○○○●● Bittorrent Amplification 2
- 56.89:1 Cd ○○○○● CLDAP Amplification 3
- Ds DNS 4
- 160:1 Dn ●●●●● DNS Amplification 5
- Im ICMP 6
- 10:1 Ik ○○○○● ISAKMP 7
- 13.5:1 Lt ●●●●● L2TP Amplification 9
- 4.35:1 Md ○○○●● mDNS Amplification 10
- 51,200:1 Mc ○○○○● memcached Amplification 11
- 25:1 Mq ○○○●● MS SQL RS Amplification 12
- 556.9:1 Np ○○●●● NTP Amplification 13
- 6.3:1 Sn ●●●●● SNMP Amplification 15
- 30.8:1 Ss ●●●●● SSDP Amplification 16
- 3.32:1 St ○○○●● STUN Amplification 17
- Ta TCP ACK 18
- Tr TCP RST 19
- Ts TCP SYN 21
- 3:1 Tk TCP SYN/ACK Amplification 22
- 35.5:1 Ar ○○○○● ARMS Amplification 23
- 1,000:1 Ch ○○○○● chargen Amplification 24
- 34:1 Cp ○○●●● COAP Amplification 25
- 34:1 Cp ○○●●● COAP Amplification 27
- In IP null 28
- Iv IPv4 Protocol 0 29
- 3:1 Nb ○○●●● NetBIOS Amplification 30
- 33.9:1 Ov ●●●●● OpenVPN Amplification 31
- 85.9:1 Rd ○○○○● RDP Amplification 34
- 134.24:1 Ri ○○●●● RIPv1 Amplification 35
- 29:1 Rc ●●●●● rpcbind Amplification 36
- 10:1 Sp ●●●●● SIP Amplification 37
- Tn TCP null 39
- 4:1 Ub ○○○○● Ubiquiti Amplification 40
- 2,464:1 Un ○○○○● Unreal-tournament Amplification 41
- 14:1 Ve ○○○○● VSE Amplification 42
- 500:1 Wd ○○○○● WS-DD Amplification 43
- 120:1 Bc ○○○○● BACnet Amplification 45
- 5.7:1 Ci ○○○○● Citrix-ICA Amplification 46
- 37.34:1 Dt D/TLS Amplification 47
- 25.68:1 Di ○○○●● DHCP Discovery Amplification 48
- Ht HTML5 49
- 1.1:1 Ip ○○○●● IPMI Amplification 51
- 5.6:1 Jk Jenkins Amplification 52
- 700,000:1 Mh MBHTTP Amplification 53
- 4.68:1 Pm ○○○●● PMSSDP Amplification 54
- 140.3:1 Qd ○○○○● QOTD Amplification 55
- 63.9:1 Qk ○○○○● Quake Amplification 56
- Variable Qc QUIC 57
- 30.7:1 Se ○○○○● Sentinel Amplification 58
- 2,200:1 Sl SLP Amplification 59
- 46.5:1 Tf ●●●●● TFTP Amplification 60
- 4,294,967,296:1 Tp TP240 Amplification 61
Attack Count
500,001+
50,001 - 500,000
0 - 50,000
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
Bittorrent Amplification
Nodes running older versions of BitTorrent P2P file-sharing applications can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
3.8:1
Number of Attacks
621260
Reflectors/Amplifiers
582420
Port Number
6881
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
CLDAP Amplification
Unsecured Connectionless Lightweight Directory Access Protocol (CLDAP) services can be leveraged to launch refleection/amplification DDoS attacks. Most abusable CLDAP reflectors/ampliifers are Microsoft Windows servers which have been unwisely exposed to the public Internet.
Amplification Number
56.89:1
Number of Attacks
740540
Reflectors/Amplifiers
162110
Port Number
389
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
DNS
Programmatically-generated DNS queries mainly intended to overwhelm authoritative DNS servers; recursive DNS servers can also be targeted, and can be negatively impacted if used to reflect DNS query-floods towards targeted authoritative DNS servers. Queried Resource Records (RRs) can be pseudorandomly-generated ('DNS Water Torture'), or chosen from a dictionary of tens of thousands of plaubile-sounding labels (i.e, the 'Dyn attack').
Number of Attacks
7219930
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
DNS Amplification
A DNS reflection/amplification DDoS attack is a common two-step DDoS attack in which the attacker manipulates open DNS servers.
Amplification Number
160:1
Number of Attacks
15657770
Reflectors/Amplifiers
9842900
Port Number
53
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
ICMP
Programmatically-generated ICMP packets intended to consume link bandwidth (bps)/throughput (pps), as well as the capacity of targeted nodes to generate ICMP responses in the case of ICMP Echo Request (i.e., ping) floods. ICMP floods are measured in both bits-per-second (bps) and packets-per-second (pps), and are a form of volumetric DDoS attack.
Number of Attacks
12398710
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
ISAKMP
Misconfigured VPN servers and concentrators supporting the ISAKMP/IKE key-exchange methodology can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
10:1
Number of Attacks
893480
Reflectors/Amplifiers
135180
Port Number
500
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
L2TP Amplification
Misconfigured VPN servers and concentrators supporting the L2TP protocol can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
13.5:1
Number of Attacks
1830850
Reflectors/Amplifiers
21048400
Port Number
1701
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
mDNS Amplification
Internet-exposed nodes running misconfigured, abusable mDNS services can be leveraged to launch reflection/amplication DDoS attacks.
Amplification Number
4.35:1
Number of Attacks
1099130
Reflectors/Amplifiers
1677470
Port Number
5353
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
memcached Amplification
Misconfigured, internet-exposed memcached database-caching servers can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
51,200:1
Number of Attacks
1097110
Reflectors/Amplifiers
45550
Port Number
11211
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
MS SQL RS Amplification
Abusable, internet-exposed Microsoft SQL Server nodes running the SQL Server Reporting Service can be leveraged to launch reflection/amplification attacks.
Amplification Number
25:1
Number of Attacks
1177770
Reflectors/Amplifiers
690410
Port Number
1434
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
NTP Amplification
Misconfigured Network Time Protocol (NTP) servers that expose abusable administrative functions to the internet can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
556.9:1
Number of Attacks
4459960
Reflectors/Amplifiers
2307680
Port Number
123
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
SNMP Amplification
Routers, layer-3 switches, Wi-Fi access points, servers, and other internet-connected devices running the SNMPv2 management protocol, and which have been misconfigured to expose it to the internet with default credentials, can be leveraged to launch reflection/amplification attacks.
Amplification Number
6.3:1
Number of Attacks
678860
Reflectors/Amplifiers
9601490
Port Number
161
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
SSDP Amplification
Consumer-grade broadband access routers that expose Simple Service Discovery Protocol (SSDP) to the internet can be leveraged to launch SSDP reflection/amplification attacks.
Amplification Number
30.8:1
Number of Attacks
1232440
Reflectors/Amplifiers
8434730
Port Number
1900
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
STUN Amplification
Nodes running the STUN protocol used to provide dynamic mapping of NATted private IP addresses to publicly routable IP addresses can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
3.32:1
Number of Attacks
4133840
Reflectors/Amplifiers
1786270
Port Number
3478,
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
TCP ACK
Programmatically-generated TCP ACK packets primarily intended to overwhelm the state-tables of stateful firewalls, load-balancers, ‘IPS’ devices, etc. by forcing them to perform multiple simultaneous lookups for non-existent connections. Most ACK-floods are spoofed. ACK-floods are primarily measured in packets-per-second (pps), and are a volumetric form of DDoS attack.
Number of Attacks
23064420
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
TCP RST
Programmatically-generated TCP RST packets primarily intended to overwhelm the state-tables of stateful firewalls, load-balancers, ‘IPS’ devices, etc. by forcing them to perform multiple simultaneous lookups for non-existent connections. Most RST-floods are spoofed. RST-floods are primarily measured in packets-per-second (pps), and are a volumetric form of DDoS attack.
Number of Attacks
10742780
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
TCP SYN
Programmatically-generated TCP SYN packets intended to overwhelm the TCP stacks of targeted hosts, consuming their capacity to instantiate new TCP connections for legitimate clients. SYN-Floods can also exhaust the state-tables of stateful firewalls, load-balancers, ‘IPS’ devices, et. al. Most SYN-Floods are spoofed. SYN-floods are primarily measured in packets-per-second (pps), and are both a volumetric and a connection-oriented form of DDoS attacks.
Number of Attacks
15168350
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
TCP SYN/ACK Amplification
Any node which runs a TCP-based service such as Web servers, SMTP mail relays, etc. can potentially be leveraged to launch TCP reflection/amplification DDoS attacks.
Amplification Number
3:1
Number of Attacks
10916090
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
ARMS Amplification
Internet-exposed Apple computers running older versions of the Apple Remote Management System (ARMS) protocol can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
35.5:1
Number of Attacks
96270
Reflectors/Amplifiers
53510
Port Number
3283
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
chargen Amplification
Systems running the legacy character-generator (chargen) network test facility can be abused to launch reflection/amplification DDoS attacks. Most chargen reflectors/amplifiers are IoT devices, which often have such abusable legacy services running by default.
Amplification Number
1,000:1
Number of Attacks
286360
Reflectors/Amplifiers
111040
Port Number
19
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
COAP Amplification
Misconfigured Constrained Application Protocol (CoAP) M2M speakers can be leveraged to launch reflection/amplification DDoS attacks. Most abusable CoAP reflectors/amplifiers are embedded IoT devices connected to the internet over wireless broadband carriers. Like other UDP-based protocols, CoAP can be exploited to perform UDP reflection/amplification DDoS attacks.
Amplification Number
34:1
Number of Attacks
132590
Reflectors/Amplifiers
2002640
Port Number
5683
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
COAP Amplification
Misconfigured Constrained Application Protocol (CoAP) M2M speakers can be leveraged to launch reflection/amplification DDoS attacks. Most abusable CoAP reflectors/amplifiers are embedded IoT devices connected to the internet over wireless broadband carriers. Like other UDP-based protocols, CoAP can be exploited to perform UDP reflection/amplification DDoS attacks.
Amplification Number
34:1
Number of Attacks
132590
Reflectors/Amplifiers
2500110
Port Number
5683
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
IP null
Programmatically-generated IP packets with no actual payload; they are typically padded with either zeroes or pseudo-random characters. IP Null Floods are primarily intended to overwhelm the TCP/IP stacks of targeted nodes with payloadless packets, as well as to consume link bandwidth (bps)/throughput (pps). IP Null floods are measured in both bits-per-second (bps) and packets-per-second (pps), and are a volumetric form of DDoS attack.
Number of Attacks
56400
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
IPv4 Protocol 0
Programmatically-generated IPv4 Protocol 0 packets intended to consume link bandwidth/throughput, as well as the capacity of targeted nodes to process incoming packets. IPv4 Protocol 0 is an invalid protocol number, but is forwarded by most routers and layer-3 switches. IPv4 Protocol 0 floods are measured in both bits-per-second (bps) and packets-per-second (pps), and are a form of volumetric DDoS attack.
Number of Attacks
59720
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
NetBIOS Amplification
Network Basic Input/Output System (NetBIOS) provides services related to the session layer of the OSI model that allow applications on separate computers to communicate over a local area network. An attacker can cause a victim's machine to refuse all NetBIOS network traffic, resulting in a denial of service.
Amplification Number
3:1
Number of Attacks
437490
Reflectors/Amplifiers
3930060
Port Number
137
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
OpenVPN Amplification
OpenVPN servers and concentrators running outdated software can be abused to launch reflection/amplification DDoS attacks.
Amplification Number
33.9:1
Number of Attacks
411820
Reflectors/Amplifiers
9817280
Port Number
1194
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
RDP Amplification
Misconfigured, abusable Microsoft Windows Remote Desktop Protocol (RDP) servers that are exposed to the internet can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
85.9:1
Number of Attacks
139910
Reflectors/Amplifiers
38470
Port Number
3389
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
RIPv1 Amplification
Nodes that expose the deprecated RIPv1 routing protocol to the internet can be abused to launch reflection/amplification attacks.
Amplification Number
134.24:1
Number of Attacks
247320
Reflectors/Amplifiers
2269680
Port Number
520
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
rpcbind Amplification
Misconfigured servers that expose the rpcbind/portmapper service to the internet can be leveraged to launch reflection/amplification attacks.
Amplification Number
29:1
Number of Attacks
287900
Reflectors/Amplifiers
15117650
Port Number
111
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
SIP Amplification
Misconfigured, internet-exposed Session Border Controllers (SBCs) and voice-over-IP (VoIP) PBXes can be abused to launch Session Initiation Protocol (SIP) reflection/amplification DDoS attacks.
Amplification Number
10:1
Number of Attacks
216870
Reflectors/Amplifiers
26423320
Port Number
5060
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
TCP null
Programmatically-generated TCP packets with no flags and no actual payload; they are typically padded with either zeroes or pseudo-random characters. TCP Null Floods are primarily intended to overwhelm the TCP/IP stacks of targeted nodes with payloadless packets, as well as consume link capacity.
Number of Attacks
459650
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
Ubiquiti Amplification
Some Ubiquiti wireless access devices running outdated software and that expose their managagment protocol to the public internet can be abused to launch reflection/amplification DDoS attacks.
Amplification Number
4:1
Number of Attacks
182580
Reflectors/Amplifiers
191710
Port Number
10001
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
Unreal-tournament Amplification
Multiplayer game servers running deprecated versions of the Unreal Tournament online gaming protocol can be abused to launch reflection/amplification DDoS attacks.
Amplification Number
2,464:1
Number of Attacks
384250
Reflectors/Amplifiers
14120
Port Number
7777-7788
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
VSE Amplification
Multiplayer game servers running deprecated versions of the Valve Steam Engine (VSE) online gaming protocol can be abused to launch reflection/amplification DDoS attacks.
Amplification Number
14:1
Number of Attacks
364460
Reflectors/Amplifiers
153880
Port Number
27015-27021,
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
WS-DD Amplification
Misconfigured, internet-exposed nodes running the Web Services Dynamic Discovery (WS-DD) protocol can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
500:1
Number of Attacks
323630
Reflectors/Amplifiers
175110
Port Number
3702
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
BACnet Amplification
Internet-exposed servers and IoT devices running the BACNet HVAC management system protocol can be abused to launch reflection/amplification DDoS attacks.
Amplification Number
120:1
Number of Attacks
23460
Reflectors/Amplifiers
147890
Port Number
47808
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
Citrix-ICA Amplification
Citrix Independent Computing Architecture (Citrix ICA) is a proprietary protocol for an application server system. Designed by Citrix Systems, it is not bound to any single platform and lays down specification for passing data between server and clients. Citrix ICA includes a server software component, a network protocol component, and a client software component. The Citrix ICA protocol has been used as an attack vector for DDoS attacks.
Amplification Number
5.7:1
Number of Attacks
27410
Reflectors/Amplifiers
45130
Port Number
1604
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
D/TLS Amplification
Improperly implemented D/TLS servers and load-balancers can be leveraged to launch reflection/amplification DDoS attacks. Most D/TLS reflectors/amplifiers are hardware load balancers running outdated software.
Amplification Number
37.34:1
Number of Attacks
N/A
Reflectors/Amplifiers
N/A
Port Number
4443
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
DHCP Discovery Amplification
Internet-exposed DVRs and other types of IoT devices running the DHCPDiscover management protocol can be leveraged to launch reflection/amplification DDoS attacks (note that despite its name, DHCPDiscover is unrelated to the DHCP IP address-management protocol).
Amplification Number
25.68:1
Number of Attacks
23540
Reflectors/Amplifiers
1033470
Port Number
37810
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
HTML5
HTML5 (Hypertext Markup Language) is used for structuring and presenting content on the World Wide Web. The HTML5 language's ping attribute is used by websites as a mechanism to notify a website if a user follows a given link on a page. It has also been utilized as a DDoS attack vector to overwhelm targeted victims.
Number of Attacks
N/A
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
IPMI Amplification
Internet-exposed Baseband Management Controller (BMC) server management subsystems running the RMCP protocol can be leveraged to launch reflection/amplification attacks. These combined suites of hardware and software are collectively referred to as Intelligent Platform Management Interface (IPMI) systems.
Amplification Number
1.1:1
Number of Attacks
5980
Reflectors/Amplifiers
516970
Port Number
623
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
Jenkins Amplification
Servers running obsolete versions of the popular Jenkins automation suite can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
5.6:1
Number of Attacks
20460
Reflectors/Amplifiers
N/A
Port Number
33848
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
MBHTTP Amplification
Large-scale state-sponsored, ISP-operated, and enterprise-run Web censorship systems which do not properly establish a TCP 3-way handshake prior to transmitting policy-violation responses to offending clients can be leveraged to launch reflection/ampification DDoS attacks.
Amplification Number
700,000:1
Number of Attacks
N/A
Reflectors/Amplifiers
N/A
Port Number
N/A
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
PMSSDP Amplification
Plex Media Server nodes running outdated software and exposed to the public internet can be abused to launch reflection/amplification DDoS attacks.
Amplification Number
4.68:1
Number of Attacks
N/A
Reflectors/Amplifiers
608680
Port Number
32410,
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
QOTD Amplification
The legacy Quote-of-the-Day (QotD) network entertainment service can be leveraged to launch reflection/amplification DDoS attacks. It is mainly found today on IoT devices running insecure default configurations that expose abusable, outdated services to the internet at large.
Amplification Number
140.3:1
Number of Attacks
18720
Reflectors/Amplifiers
137540
Port Number
17
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
Quake Amplification
Quake game servers running legacy, outdated multiplayer software can be leveraged to launch reflection/amplification DDoS attacks.
Amplification Number
63.9:1
Number of Attacks
49540
Reflectors/Amplifiers
12460
Port Number
27960,
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
QUIC
A limited population of misconfigured QUIC servers can be abused to launch reflection/amplification DDoS attacks.
Amplification Number
Variable
Number of Attacks
N/A
Reflectors/Amplifiers
N/A
Port Number
443
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
Sentinel Amplification
SPSS statistical software-licensing servers running outdated software can be abused to launch Sentinel reflection/amplification DDoS attacks.
Amplification Number
30.7:1
Number of Attacks
21480
Reflectors/Amplifiers
9480
Port Number
5093
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
SLP Amplification
Misconfigured, publicly-exposed Session Location Protocol (SLP) responders can be leveraged to launch reflection/amplification attacks. Many abusable SLP responders are actually Internet-exposed print servers.
Amplification Number
2,200:1
Number of Attacks
13340
Reflectors/Amplifiers
N/A
Port Number
427
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
TFTP Amplification
Misconfigured, publicly exposed Trivial File Transfer Protocol (TFTP) servers can be leveraged to launch reflection/amplification attacks. Many abusable TFTP servers are actually routers or other network infrastructure devices.
Amplification Number
46.5:1
Number of Attacks
48780
Reflectors/Amplifiers
8413120
Port Number
69
500,001+ Attacks
50,001 - 500,000 Attacks
0 - 50,000 Attacks
TP240 Amplification
A test facility present in unpatched Mitel VoIP gateways running deprecated software versions can be abused to launch reflection/amplification DDoS attacks with a record-breaking amplification factor of 4,294,967,296:1.
Amplification Number
4,294,967,296:1
Number of Attacks
20440
Reflectors/Amplifiers
N/A
Port Number
10074
