An SNMP amplification attack is a Layer 4 reflection and amplification vector, one of the volumetric classes a thorough DDoS test is built to exercise. SNMP (Simple Network Management Protocol) listens on UDP 161 across routers, switches, printers, and servers. The attacker spoofs the victim's IP and sends a GetBulk request to exposed devices configured with a default community string like public. Each device answers with a response far larger than the query, and aggregated across many reflectors the reply traffic becomes a high-bandwidth flood aimed at the victim.
Why it matters in DDoS testing
SNMP reflection thrives on misconfiguration: management services left reachable from the internet with default credentials. Testing measures whether the network's own devices are usable as reflectors, whether ingress filtering (BCP 38) blocks the spoofed sources upstream, and where the link saturates. The reflection mechanics shared across these vectors are detailed in Understanding DDoS Attack Vectors.