This is a good point, but then you need more boxes to perform the DDOS as the reason they are effective is overwhelming the packets per second or bandwidth per second of the receiving networks. So it definitely does allow for a sustained attack by a single box with limited outbound bandwidth, but that blunts the usual reasoning for why the amplification is so dangerous.
Another interesting impact of this is that the higher the amplification, the more likely it is noticeable by the server that is being abused. I mean if you clog the outbound network for a company they will notice and try to resolve immediately. Versus some milder amplification where it can go under the radar, or at least the business impact urgency radar of a company much longer.
Another interesting impact of this is that the higher the amplification, the more likely it is noticeable by the server that is being abused. I mean if you clog the outbound network for a company they will notice and try to resolve immediately. Versus some milder amplification where it can go under the radar, or at least the business impact urgency radar of a company much longer.