Amplification attacks work by overwhelming a target with network traffic by leveraging one or more third-party devices. For most amplification attacks, two conditions are true, which are as follows:

• The protocol used to perform the attack does not verify the requesting source. The response from the network function used should be significantly larger than the request used to solicit it.
• The effectiveness of a traditional smurf attack is contingent upon the hosts on the LAN responding to IP-directed broadcast traffic. Such hosts will receive the broadcast ICMP echo request from the spoofed IP address of the target system and then return simultaneous ICMP echo replies for each request received.