Ddos tools usually use amplification, instead of sending 1:1 bytes
(that is u sending 1 byte and receive 1 byte as answer)
They may query a database instead which a 30 byte search query results in couple thousand bytes of results + the load on the database
It would be expensive to just use raw network power to overwhelm a web service(u would need more bandwidth than the host)
Meanwhile with amplification u only need a 10th or less
It would be expensive to just use raw network power to overwhelm a web service(u would need more bandwidth than the host)
Meanwhile with amplification u only need a 10th or less
Here an example https://www.imperva.com/learn/ddos/dns-amplification/