How does a reflected attack work?
A reflected attack uses responses from legitimate services to flood a victim. The attacker sends spoofed requests to existing legitimate servers (Step 1). Servers then send all responses to the victim (Step 2). There is no redirection of traffic.