EricssonResearch / coap-actuators

Calculation considerations for amplification factor #14

Closed boaks closed 2 years ago

boaks commented 2 years ago

According to the cited CoAP Attacks In The Wild:

With a 21 byte GET request the average response was 720 bytes, meaning our amplification factor is 34.

For me, this seems to calculate the factor of the UDP payload. That would match if the attack is considered to be executed against the UDP parser. If it's considered to attack lower layers, e.g. processing IP messages, the ratio should, in my opinion, consider more the IP message size. That will change the factor to (720 + n) / (21 + n). Assuming IPv4, n is 28, and that results in a factor of 15. So, I guess, it is also important what is considered to be under attack.

emanjon commented 2 years ago

Good comment, the same applies to the bandwidth. Trying to fix this, I opened a new issue #18 and made a couple of commits to try to address the issues.
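
Added example (not part of the issue thread or the project's own code): the calculation discussed above, carried through for the UDP payload, the IP packet and the Ethernet wire, which is the figure that matters for bandwidth. It goes beyond the IPv4 case in the thread; it assumes no IPv4 options, no IPv6 extension headers, untagged Ethernet and an unfragmented response, and all function names are illustrative.

```python
# Added example: amplification factor of one request/response pair at
# different layers. Header sizes assume no IPv4 options, no IPv6 extension
# headers and untagged Ethernet; function names are illustrative.
UDP_HDR = 8
IP_HDR = {"ipv4": 20, "ipv6": 40}
ETH_HDR_FCS = 14 + 4        # Ethernet II header + frame check sequence
ETH_MIN_PAYLOAD = 46        # shorter payloads are padded to this size
ETH_PREAMBLE_IFG = 8 + 12   # preamble/SFD + inter-frame gap (line time)
MTU = 1500


def ip_size(udp_payload, family):
    """Size of the IP packet carrying udp_payload bytes."""
    size = udp_payload + UDP_HDR + IP_HDR[family]
    if size > MTU:
        raise ValueError("datagram would be fragmented; not modelled here")
    return size


def wire_size(udp_payload, family):
    """Bytes of link time the packet occupies on Ethernet."""
    padded = max(ip_size(udp_payload, family), ETH_MIN_PAYLOAD)
    return padded + ETH_HDR_FCS + ETH_PREAMBLE_IFG


def amplification(request, response, layer, family="ipv4"):
    """Response/request size ratio at layer 'udp', 'ip' or 'wire'."""
    if request <= 0:
        raise ValueError("request payload must be positive")
    if layer == "udp":
        return response / request
    measure = {"ip": ip_size, "wire": wire_size}[layer]
    return measure(response, family) / measure(request, family)


def report(request, response):
    """Factors for every layer/family pair, rounded to one decimal."""
    rows = {"udp": round(amplification(request, response, "udp"), 1)}
    for family in IP_HDR:
        for layer in ("ip", "wire"):
            rows[f"{layer}/{family}"] = round(
                amplification(request, response, layer, family), 1)
    return rows


if __name__ == "__main__":
    # Figures quoted in the thread: 21-byte GET, 720-byte average response.
    for name, factor in report(21, 720).items():
        print(f"{name:10s} {factor}")
```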