A reflector is a piece of DDoS attack infrastructure, an innocent third-party server turned into a weapon, and reflection-based vectors are among the classes a DDoS test exercises. The attacker sends a request to the reflector but spoofs the source address to the victim's IP, so the server's reply is delivered to the victim instead. When the reply is larger than the request, the reflector also amplifies, multiplying the attacker's effective bandwidth.
Why it matters in DDoS testing
Reflectors are abundant: open DNS resolvers, NTP servers, memcached instances, and CLDAP endpoints all serve as them. Because the flood arrives from legitimate, reputable server IPs rather than the attacker's own, source reputation and blocklists offer little. The defense lives upstream, in capacity, anycast distribution, and protocol-aware filtering at the scrubbing layer. A test measures how much reflected volume the edge absorbs before clean traffic begins to degrade.
For the layer-by-layer breakdown of reflection vectors, see Understanding DDoS Attack Vectors.