A NetBIOS amplification attack is a Layer 4 reflection and amplification vector, one of the volumetric classes a thorough DDoS test is built to exercise. The NetBIOS Name Service runs on UDP 137 and resolves names on legacy Windows networks. The attacker spoofs the victim's IP in a small name query to exposed NetBIOS hosts, each of which returns a larger name-table response. The amplification factor is modest, but the protocol remains reachable on enough internet-facing hosts to assemble a meaningful flood.
Why it matters in DDoS testing
NetBIOS has no business facing the public internet, yet flat networks and forgotten servers still expose UDP 137. Testing confirms that the firewall drops inbound NetBIOS, that ingress filtering blocks the spoofed sources, and how the edge behaves once reflected traffic saturates the link. How managed edges absorb these volumetric floods is compared in AWS Shield vs Cloudflare DDoS Protection.