You are correct that we deal with amplification/reflection attacks all the time.
But what you don't see are the HTTP-level attacks where we put in place filtering rules in our WAF to block them. You don't see them because we mostly don't write about them. These attacks are different from the NTP/DNS style (which fill pipes) because they use server resources on the origin web servers.
Sure, there are probably a handful of custom rules that some customers get, but like I said... most of your customers are paying for something that drops NTP/DNS and forwards HTTP/HTTPS.
The WAF product has had a LOT of upgrades since that report, and has a huge update coming in Q4. That report is pretty out of date; I'd be happy to provide a test setup for Zeroscience to do a new analysis if they'd like, and am looking at how to do a continuous test/demo of the new WAF, because it's pretty interesting how it works.
When a source IP is shared (Tor exits, carrier NAT, etc.), trying to push as much into URL pattern vs source-IP filtering, for instance.
But what you don't see are the HTTP-level attacks where we put in place filtering rules in our WAF to block them. You don't see them because we mostly don't write about them. These attacks are different from the NTP/DNS style (which fill pipes) because they use server resources on the origin web servers.
We need to be able to defend against both.