What is a DDoS ATTACK

DDoS is an abbreviation for distributed denial of service. Ddos is done by transmitting packets of information in a rapid manner to the extent that the machine under target can no longer bear it or respond to legal requests anymore. This is a common form of attack which is used by hackers with the intent of causing a loss of income or to cause intimidation.
A simple way to explain this is to imagine a scenario where 10 fat men are pushing their way through a small entrance at the same time. This will only prevent other persons from finding their way through to either enter or leave. It is pretty much the same with internet connections; the DDoS makes it impossible for any signal to pass through and the motive at the end of the day is to hinder your connection to the World Wide Web.
For some, DDoS is considered legal while to some others it is not. The Computer Fraud and Abuse act is the only law against DDoS that can be considered in court. It can easily be argued in court and only a few persons have been indicted in such cases.
There were only a few ways to carry out a DDoS attack in the past, either you own a botnet or you gain illegal entry to a server and upload shells which basically are webpages used to send packets of information without the knowledge of the webservers. Nowadays, shells have been substituted by purchased servers from data centers that ignore the activities of these servers. That is also what you will be using whenever you make use of an IP booter or an IP stresser.
There is absolutely no difference between an ip stresser, a DDoSer, a botnet and a booter. Whenever a person calls an ip stresser a booter, they are just concealing their shady deals.

How are amplification lists scanned?

A key question that was recently asked quite a bit is how amplification lists (which are used for UDP amplification) are scanned. The most common ones are SSDP, DNS, NTP, CHARGEN and SNMP. There are a lot of possible UDP based services that can be used for packet amplification but only a few provide a good amplification rate.

The most common method to scan for amplification lists is using a scanner. Which means sending a packet to every possible IP and save only the ones with a good amplification rate.

Another method is a honeypot method which consists on having a server with a high port speed (10Gbps), and using booters or stressers to catch the packets, ending up with a list of IPs that were used for the stress test on a specific UDP service.