With UDP reflection you can easily set-up a network DoS by running the service on two or more hosts and spoof a UDP package with the origin of the other reflector. They will play ping-pong with each other indefinitely.
See https://en.wikipedia.org/wiki/Echo_Protocol and https://en.wikipedia.org/wiki/Denial-of-service_attack
Possible mitigation: store the received packages in a LRU cache and only respond once on once per time-frame.
With UDP reflection you can easily set-up a network DoS by running the service on two or more hosts and spoof a UDP package with the origin of the other reflector. They will play ping-pong with each other indefinitely.
See https://en.wikipedia.org/wiki/Echo_Protocol and https://en.wikipedia.org/wiki/Denial-of-service_attack
Possible mitigation: store the received packages in a LRU cache and only respond once on once per time-frame.