An NTP amplification attack is a Layer 3 reflection attack vector, one of the volumetric classes a thorough DDoS test is built to exercise. It abuses the monlist command on misconfigured Network Time Protocol servers, which returns a list of the last 600 hosts that contacted the server. The attacker sends a tiny spoofed query carrying the victim's IP, and the server replies to the victim with a response hundreds of times larger, producing one of the highest amplification factors of any reflection vector.
Why it matters in DDoS testing
NTP amplification was behind some of the largest early volumetric floods, and although monlist is now disabled on patched servers, unpatched hosts keep the vector viable. A test characterizes upstream absorption and how quickly scrubbing engages before the origin link saturates. As with all reflection, the structural fix is source-address validation (BCP 38) at the carrier edge, which is why testing centers on absorption rather than prevention. See Understanding DDoS Attack Vectors for the full reflection family.
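The sketch below is an added example, not part of the original page: a victim-side check that picks reflected monlist replies out of captured UDP traffic and reports when their volume approaches link capacity, the point a test watches for while scrubbing engages. The packet tuple layout, the function names, the sample packets and the 12 kbit/s link are constructed for illustration, and only UDP payload bytes are counted.

```python
from collections import defaultdict

NTP_PORT = 123
MODE_PRIVATE = 7              # NTP mode 7 carries ntpdc queries such as monlist
MONLIST_CODES = {20, 42}      # MON_GETLIST and MON_GETLIST_1 request codes

def is_monlist_response(src_port, payload):
    """True for a UDP payload from port 123 that is a mode 7 monlist reply."""
    if src_port != NTP_PORT or len(payload) < 4:
        return False
    is_response = bool(payload[0] & 0x80)   # top bit of byte 0 marks a reply
    mode = payload[0] & 0x07                # low three bits of byte 0
    return is_response and mode == MODE_PRIVATE and payload[3] in MONLIST_CODES

def reflected_load(packets, link_bps):
    """Per-second reflected volume seen at the victim edge.

    packets: iterable of (timestamp, src_ip, src_port, udp_payload).
    Returns {second: (bits_per_second, distinct_reflectors, link_utilisation)}.
    """
    size = defaultdict(int)
    sources = defaultdict(set)
    for ts, src_ip, src_port, payload in packets:
        if is_monlist_response(src_port, payload):
            size[int(ts)] += len(payload)
            sources[int(ts)].add(src_ip)
    return {s: (size[s] * 8, len(sources[s]), size[s] * 8 / link_bps)
            for s in sorted(size)}

def first_second_over(load, threshold):
    """First second whose link utilisation reaches threshold, else None."""
    return next((s for s, (_, _, util) in load.items() if util >= threshold), None)

# Constructed sample: header bytes plus zero padding, documentation addresses.
MONLIST_REPLY = bytes([0x97, 0x00, 0x03, 0x2A]) + bytes(436)   # 440-byte payload
TIME_REPLY = bytes([0x24]) + bytes(47)                         # ordinary mode 4
SAMPLE = [
    (0.1, "198.51.100.10", 123, TIME_REPLY),
    (0.5, "203.0.113.5", 123, MONLIST_REPLY),
    (1.2, "203.0.113.5", 123, MONLIST_REPLY),
    (1.4, "203.0.113.6", 123, MONLIST_REPLY),
    (1.5, "203.0.113.6", 53, MONLIST_REPLY),   # wrong source port, ignored
    (1.9, "203.0.113.7", 123, MONLIST_REPLY),
]

if __name__ == "__main__":
    load = reflected_load(SAMPLE, link_bps=12_000)   # constructed tiny link
    for sec, (bps, n, util) in load.items():
        print(f"t={sec}s reflected={bps} bit/s reflectors={n} link={util:.0%}")
    print("threshold crossed at second", first_second_over(load, 0.8))
```

Ordinary time replies (mode 3 or 4) never match, so legitimate NTP traffic from the same port is not counted toward the reflected volume.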