A portmap amplification attack is a Layer 4 reflection and amplification vector, one of the volumetric classes a thorough DDoS test is built to exercise. Portmapper (rpcbind) runs on UDP 111 and tells clients which ports RPC services listen on. The attacker spoofs the victim's IP in a small query to exposed rpcbind hosts, which reply with larger service listings, reflecting and amplifying traffic toward the victim. US-CERT flagged portmap among the reflection vectors abused for high-bandwidth floods.
Why it matters in DDoS testing
rpcbind is rarely needed on internet-facing hosts, yet default installs leave UDP 111 open. Testing confirms that the perimeter drops inbound portmap, that no internal host answers spoofed queries, and where the saturated link first starts dropping legitimate traffic. The reflection mechanics common to these amplification vectors are detailed in Understanding DDoS Attack Vectors.