They can do things like spoof DNS requests from the victim which are known to have large responses. The attacker causes ~4000 bytes of traffic to be sent to the victim from the DNS server by sending a ~40 byte DNS request.
That amplifies the attacker's bandwidth but is a lot easier to distinguish from normal traffic, and would be prevented if everyone did egress filtering because then the attacker couldn't spoof the requests.
But that only prevents the amplification, not the general problem. A botnet with millions of computers in it has enough bandwidth even without amplification to cause plenty of trouble.
That amplifies the attacker's bandwidth but is a lot easier to distinguish from normal traffic, and would be prevented if everyone did egress filtering because then the attacker couldn't spoof the requests.
But that only prevents the amplification, not the general problem. A botnet with millions of computers in it has enough bandwidth even without amplification to cause plenty of trouble.