Doh.
If you're exposing TFTP to the world (unencrypted, possibly unauthenticated, etc.), the problem is NOT a TFTP amplification attack.
It's you, and your insecure systems.
Sometimes I wish that the things that my old ISP used to do (probe port 139 of your connection and if it was open, turn off your Internet connection until you agree to take responsibility for it on an intercepted web page message), should be applied to EVERYTHING like this that has a port accessible to the world.