UDP reflection DDoS attacks have become one of the primary means of network attack because of its simple realization and significant effect. BAF(bandwidth amplification factor) is the main measure to evaluate the ability of amplification. In this paper, considering the condition of IP slice message, the whole message load is used to modify the formula of BAF, so that it can more accurately reflect the amplification ability of reflection attacks. This paper obtains the hosts with 19, 161, 123, 1900 port reflection behavior in the CERNET (China Education and Research Computer Network) by NBOS (network behavior observation system) to implement the attack test to get the BAF data. On the basis of this, the BAF data are analyzed in terms of statistics and stability. Analysis results show that the BAF of 19 and 123 port is relatively large, but the stability is poor. The paper also uses the results of the analysis to evaluate the risk degree of all amplifiers. Amplifiers with high degree of risk are usually used by the attacker and should be the focus of attention in attack prevention.