How are amplification lists scanned?

A key question that was recently asked quite a bit is how amplification lists (which are used for UDP amplification) are scanned. The most common ones are SSDP, DNS, NTP, CHARGEN and SNMP. There are a lot of possible UDP based services that can be used for packet amplification but only a few provide a good amplification rate.

The most common method to scan for amplification lists is using a scanner. Which means sending a packet to every possible IP and save only the ones with a good amplification rate.

Another method is a honeypot method which consists on having a server with a high port speed (10Gbps), and using booters or stressers to catch the packets, ending up with a list of IPs that were used for the stress test on a specific UDP service.