
TCP Middlebox Reflection

A TCP middlebox reflection attack is a Layer 4 reflection and amplification vector, one of the attack classes a thorough DDoS test is built to exercise. It abuses censorship and content-filtering middleboxes that inject responses into TCP streams. The attacker sends crafted TCP packets (often a SYN carrying a forbidden HTTP request) with the victim's IP spoofed as the source. The middlebox, seeing a banned request, replies with a large block page sent to the victim, reflecting and amplifying traffic over TCP.

Why it matters in DDoS testing

This vector broke the long-held assumption that TCP could not be reflected, since completing the three-way handshake appears to require a reachable, non-spoofed source. Middleboxes that answer a lone SYN (or a SYN with data) without a completed handshake remove that constraint. Testing validates whether stateful filters drop out-of-state SYN-ACK and data floods, and whether the volumetric tier holds when reflected TCP saturates the link. The broader class of reflection mechanics is covered in Understanding DDoS Attack Vectors.
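The defensive check described above, out-of-state inbound TCP dropped by a stateful filter, is shown below as an added example that is not part of the original page. It models a minimal stateful filter that remembers SYNs the protected host sent and admits only replies to those flows; any inbound SYN-ACK, data or RST segment that matches no known flow is counted against its source so that reflecting middleboxes stand out. The packet records, the `Packet` class, the local IP `192.0.2.7` and the reflector addresses in the 203.0.113.0/24 range are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

FourTuple = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    """Constructed stand-in for a parsed TCP header (hypothetical type, not a real library)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str     # tcpdump-style flag string: "S", "SA", "PA", "A", "R"
    payload: int   # payload bytes carried by the segment


class StatefulFilter:
    """Minimal connection tracker: a flow exists only if the local host sent its SYN."""

    def __init__(self, local_ip: str) -> None:
        self.local_ip = local_ip
        self.pending: Set[FourTuple] = set()       # outbound SYNs awaiting SYN-ACK
        self.established: Set[FourTuple] = set()   # flows whose SYN-ACK we accepted
        self.dropped: List[Packet] = []            # inbound segments matching no flow

    def process(self, pkt: Packet) -> str:
        # Flow keys are always (local_ip, local_port, remote_ip, remote_port).
        if pkt.src_ip == self.local_ip:
            if pkt.flags == "S":
                self.pending.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"   # outbound traffic is not what this check is about
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.flags == "SA" and key in self.pending:
            self.pending.discard(key)
            self.established.add(key)
            return "allow"
        if key in self.established:
            return "allow"
        # Reflected SYN-ACK, block-page data or RST with no matching outbound SYN.
        self.dropped.append(pkt)
        return "drop"


def reflector_summary(dropped: List[Packet]) -> Dict[str, Dict[str, int]]:
    """Aggregate out-of-state segments per source IP: packet count and payload bytes."""
    out: Dict[str, Dict[str, int]] = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in dropped:
        out[p.src_ip]["packets"] += 1
        out[p.src_ip]["bytes"] += p.payload
    return dict(out)


def suspected_reflectors(summary: Dict[str, Dict[str, int]], min_packets: int = 3) -> List[str]:
    """Sources that sent at least min_packets unsolicited segments, largest byte volume first."""
    hits = [ip for ip, s in summary.items() if s["packets"] >= min_packets]
    return sorted(hits, key=lambda ip: summary[ip]["bytes"], reverse=True)


def run_demo() -> Tuple[List[str], Dict[str, Dict[str, int]]]:
    """Replay a constructed trace: one legitimate flow plus reflected out-of-state segments."""
    local = "192.0.2.7"
    trace = [
        Packet(local, 51000, "198.51.100.10", 443, "S", 0),      # we open a connection
        Packet("198.51.100.10", 443, local, 51000, "SA", 0),     # legitimate SYN-ACK
        Packet(local, 51000, "198.51.100.10", 443, "A", 0),      # handshake completes
        Packet("198.51.100.10", 443, local, 51000, "PA", 1200),  # data on a known flow
        Packet("203.0.113.5", 80, local, 40001, "SA", 0),        # SYN-ACK we never asked for
        Packet("203.0.113.5", 80, local, 40001, "PA", 1460),     # block-page data, no flow
        Packet("203.0.113.5", 80, local, 40002, "PA", 1460),
        Packet("203.0.113.9", 80, local, 40003, "R", 0),         # stray RST from another box
        Packet("203.0.113.5", 80, local, 40001, "PA", 900),
    ]
    filt = StatefulFilter(local)
    verdicts = [filt.process(p) for p in trace]
    return verdicts, reflector_summary(filt.dropped)


if __name__ == "__main__":
    verdicts, summary = run_demo()
    print(verdicts)
    print(summary)
    print("suspected reflectors:", suspected_reflectors(summary))
```

The tracker keys flows on the four-tuple only; a production stateful filter also validates sequence and acknowledgement numbers and expires entries on timeout, so this sketch should be read as the decision logic a DDoS test exercises, not as a drop-in filter. The per-source byte totals are the figure to compare against the stimulus sent, since a large ratio is the amplification signature this vector is known for.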