Amplification Denial of Service (DoS) attacks have been a persistent challenge in network security, with consequences ranging from minor disruptions to substantial financial losses and irreparable damage to reputation.
In today's network environment, many infrastructures are not primary targets of amplification attacks but unwittingly aid them by sending large responses generated by spoofed packets to the potential victims. The ever-growing number of servers makes manual detection of vulnerable components impractical, emphasizing the urgent need for automated tools, which are currently lacking.
This paper investigates factors that affect amplification DoS attacks on three UDP-based protocols: DNS, NTP, and Memcached. Our analysis indicates that for DNS, factors such as the buffer size, replying to ANY queries, Resource Records (RR), and Name Servers (NS) per domain significantly impact the amplification potential. For Memcached, the key and value lengths substantially affect the amplification factor. Regarding NTP, the magnitude of amplification is influenced by the number of recently contacted clients, with the version being a critical determinant for the likelihood of attack success for both NTP and Memcached.
By incorporating these parameters, we propose the development of an automated tool capable of identifying such vulnerable components within network infrastructures.
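As an added illustration of the DNS buffer-size factor (this is not code from the paper or its proposed tool), the following sketch reads the EDNS0 UDP buffer size from a DNS message and computes the response-to-query size ratio for a pair captured from a server you operate. The function names, the 1232-byte threshold (the DNS Flag Day 2020 suggestion) and the sample messages are assumptions made for the example.

```python
import struct

RECOMMENDED_MAX = 1232  # assumption: DNS Flag Day 2020 suggested EDNS buffer size

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n

def edns_udp_size(msg):
    """UDP payload size from the OPT RR (type 41), or None if EDNS0 is absent."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:                           # OPT reuses CLASS as buffer size
            return rclass
        off += 10 + rdlen
    return None

def audit(query, response):
    """Summarise one query/response pair captured from a server you operate."""
    size = edns_udp_size(response)
    return {
        "server_bufsize": size,
        "amplification": round(len(response) / len(query), 2),
        "oversized_buffer": size is not None and size > RECOMMENDED_MAX,
    }

def enc_name(n):
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\0"

def opt_rr(bufsize):
    return b"\0" + struct.pack("!HHIH", 41, bufsize, 0, 0)

# Constructed sample pair (not captured traffic): TXT query, 3 TXT answers.
QUESTION = enc_name("example.test") + struct.pack("!HH", 16, 1)
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1) + QUESTION + opt_rr(4096)
TXT = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, 101) + b"\x64" + b"A" * 100
RESPONSE = (struct.pack("!6H", 0x1234, 0x8180, 1, 3, 0, 1)
            + QUESTION + TXT * 3 + opt_rr(4096))
```

Calling `audit(QUERY, RESPONSE)` on the constructed pair reports a 4096-byte buffer, flags it as oversized, and gives the size ratio between the 380-byte response and the 41-byte query.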