A TFTP amplification attack is a Layer 4 reflection and amplification vector, one of the volumetric classes a thorough DDoS test is built to exercise. TFTP (Trivial File Transfer Protocol) runs on UDP 69 and moves files with no authentication, common in network-boot and device-provisioning workflows. The attacker spoofs the victim's IP in a read request to exposed TFTP servers, which begin streaming far larger file data to the victim. Reported amplification factors reach roughly 60 times the request size.
Why it matters in DDoS testing
TFTP belongs on isolated provisioning segments, never on the public internet, yet exposed servers persist on routers and embedded devices. Testing confirms that UDP 69 is unreachable from outside, that ingress filtering blocks the spoofed sources, and where the saturated edge first drops legitimate packets. The reflection mechanics shared across these vectors are detailed in Understanding DDoS Attack Vectors.