
QUIC has address validation. Basically, if you talk back and forth with a remote party you can get yourself a token which proves you're on path (you might really be 10.20.30.40, we can't tell, but we can tell you can intercept packets for 10.20.30.40 because you received this token we sent there; maybe you're an adversary at their ISP), and you can use that token in future to prove you're still on path for 10.20.30.40, which an off-path attacker wouldn't be able to do because they can't get that token.

So this lets you prevent amplification. If somebody asks a question with a long answer but doesn't provide the token to prove they're on path, you make them go around again first: a legitimate user sees one round trip wasted to get a token, but attacks don't work.
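The mechanism described in the comment above, as an added toy model (not the commenter's code and not a real QUIC stack): a server mints an address-bound token, answers large queries only to a validated address, and otherwise sends a small Retry that stays within QUIC's three-times anti-amplification limit. The server key, addresses and lifetime are constructed values.

```python
import hmac
import hashlib
import os
import time

# Constructed example: a per-server secret; a real server keeps and rotates its own.
SERVER_KEY = os.urandom(32)
TOKEN_LIFETIME_S = 60
# QUIC's anti-amplification limit: before an address is validated, the server may
# send at most three times the bytes it has received from that address.
AMPLIFICATION_FACTOR = 3


def issue_token(addr, now=None):
    """Bind a token to the claimed source address and an expiry, keyed with the server secret."""
    expiry = int((now if now is not None else time.time()) + TOKEN_LIFETIME_S)
    body = f"{addr}|{expiry}".encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def validate_token(token, addr, now=None):
    """Accept only a token we minted, for exactly this address, that has not expired."""
    try:
        tok_addr, expiry, tag = token.decode().split("|")
    except (ValueError, UnicodeDecodeError):
        return False  # malformed
    body = f"{tok_addr}|{expiry}".encode()
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # forged or tampered: not something this server issued
    current = now if now is not None else time.time()
    return tok_addr == addr and int(expiry) > current


def handle_datagram(src_addr, request, token, answer):
    """Server policy: a big answer only to a validated address; otherwise a small Retry."""
    if token is not None and validate_token(token, src_addr):
        return ("answer", answer)  # the sender proved it is on path for src_addr
    if len(answer) <= AMPLIFICATION_FACTOR * len(request):
        return ("answer", answer)  # small reply: no useful amplification for a spoofer
    # The Retry carries the token and is sent to src_addr, so only someone who can
    # receive packets for src_addr learns it; the legitimate client spends one extra RTT.
    return ("retry", issue_token(src_addr))
```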




I was specifically answering the user's question regarding DNS attacks.

Address validation in QUIC is optional, per the RFC.



