Hacker News
Portmapper – A New DDoS Reflection Attack (level3.com)
33 points by Sami_Lehtinen on Aug 18, 2015 | 2 comments


Can someone ELI5 this?


Portmapper, or rpcbind, which provides services typically used in Intranet services like Unix file sharing, allows for a spoofable requester address in its UDP connection. This allows an attacker to make a "request" of the service on behalf of a victim IP. This request with its amplification factor can be used to DoS the victim IP. Typically one would expect RPC services like this to be behind a firewall/VPN and not exposed on the Internet. Their second graph illustrates that very little RPC activity flows over their network typically, again underscoring that you just don't expect it in the wild.

This is really just a "well it took 30 years to become a problem", and if you operate a network this is an APB for what is now a less frequently used service as an attack vector. Also a good warning to admins to check their firewalls and DMZ hosts...
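
The firewall and DMZ check recommended in the reply above can be backed by flow data. As an added example (not part of the thread or the linked article), this Python script flags hosts that answer UDP port 111 (portmapper/rpcbind) requests whose claimed source lies outside a trusted range, and reports the reply-to-request byte ratio. The flow tuple layout, the `TRUSTED` networks, the `min_ratio` threshold and every sample record are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (documentation addresses, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    ("198.51.100.7", 40211, "203.0.113.10", 111, "udp", 68),
    ("203.0.113.10", 111, "198.51.100.7", 40211, "udp", 1930),
    ("198.51.100.7", 40212, "203.0.113.10", 111, "udp", 68),
    ("203.0.113.10", 111, "198.51.100.7", 40212, "udp", 1930),
    ("10.0.0.5", 812, "203.0.113.20", 111, "udp", 84),    # internal client
    ("203.0.113.20", 111, "10.0.0.5", 812, "udp", 60),
    ("198.51.100.9", 51000, "203.0.113.30", 111, "tcp", 400),  # not UDP, ignored
]

# Assumption: only these networks may legitimately query rpcbind.
TRUSTED = [ipaddress.ip_network("10.0.0.0/8"),
           ipaddress.ip_network("203.0.113.0/24")]


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED)


def find_reflectors(flows, min_ratio=2.0):
    """Return {server_ip: (request_bytes, reply_bytes, ratio)} for hosts that
    answer UDP/111 requests whose claimed source is outside TRUSTED."""
    stats = defaultdict(lambda: [0, 0])  # server -> [request bytes, reply bytes]
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == 111 and not is_trusted(src):
            stats[dst][0] += nbytes      # request reaching rpcbind
        elif sport == 111 and not is_trusted(dst):
            stats[src][1] += nbytes      # reply sent to the claimed requester
    findings = {}
    for server, (req, rep) in stats.items():
        if req and rep / req >= min_ratio:
            findings[server] = (req, rep, round(rep / req, 1))
    return findings


if __name__ == "__main__":
    for server, (req, rep, ratio) in find_reflectors(FLOWS).items():
        print(f"{server}: {req} B in, {rep} B out to untrusted peers, x{ratio}")
```

Any host this reports is reachable on UDP 111 from outside the trusted ranges and is a candidate for a firewall rule or for disabling rpcbind if the service is not needed.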



