An SSDP amplification attack is a Layer 4 reflection and amplification vector, one of the volumetric classes a thorough DDoS test is built to exercise. SSDP (Simple Service Discovery Protocol) runs over UDP 1900 on UPnP-enabled devices: routers, printers, cameras, and media servers. The attacker spoofs the victim's IP in a small discovery request, and each exposed device replies with a much larger response listing its services. With millions of consumer devices reachable, the reflected traffic builds a flood many times the size of the original request.
Why it matters in DDoS testing
SSDP attacks deliver high bandwidth from a vast pool of reflectors, so blocking individual sources is futile and the only viable filtering is upstream of the origin link. Testing measures whether edge or provider scrubbing absorbs the volume before it reaches the pipe, and how mitigation capacity compares across managed services, the kind of question explored in AWS Shield Advanced versus Cloudflare.