According to sources, attackers are using widely deployed server protocols to amplify distributed denial-of-service attacks over LDAP (port 389), a practice known as DDoS reflection.
Put simply, the attacker sends requests to various servers on the Internet using a spoofed source IP address, that of the intended victim's server, and those servers direct their responses to that address instead of the real sender. The requests go to services that work over UDP, a transport protocol that does not validate the source address, so reflecting the traffic through third-party servers in effect hides the real source of the attack from the victim.
Most protocols used for DDoS reflection also allow attackers to amplify the traffic generated by small queries. This means that attackers can generate responses that are 50 times larger than the queries that were initially used to trigger them. Because servers typically have a larger bandwidth allocation than home computers and consumer devices, they have become the primary target for attackers to use in this kind of DDoS.
To prevent this type of attack from affecting your server, the best option is to allow access to port 389, over both TCP and UDP, only from specific IP addresses, and to add a rule to your Windows Server firewall that denies all other traffic from accessing or communicating with this port.
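
To check whether a server is already answering port 389 traffic from outside the intended allowlist, and with what amplification, the audit below runs over flow records. It is an added example, not part of the original article; the record layout, the allowlist, the `min_factor` threshold and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LDAP_PORT = 389
# Constructed allowlist (assumption): the only sources that should reach port 389.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

# Constructed flow records as seen at the LDAP server:
# (protocol, remote_ip, direction, server_port, bytes)
SAMPLE_FLOWS = [
    ("udp", "10.20.0.15", "in", 389, 120),
    ("udp", "10.20.0.15", "out", 389, 310),
    ("udp", "203.0.113.77", "in", 389, 60),
    ("udp", "203.0.113.77", "out", 389, 3000),
    ("udp", "203.0.113.77", "in", 389, 60),
    ("udp", "203.0.113.77", "out", 389, 3000),
    ("tcp", "198.51.100.4", "in", 389, 200),
    ("tcp", "198.51.100.4", "out", 389, 450),
    ("udp", "203.0.113.77", "in", 53, 40),  # different port, ignored
]

def is_allowed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED)

def audit(flows, min_factor=10.0):
    """List port-389 peers outside the allowlist, with bytes out / bytes in.

    With UDP the 'remote' address may be spoofed, so a flagged peer is the
    likely victim of the reflection, not the sender of the requests.
    """
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for proto, remote, direction, port, nbytes in flows:
        if port == LDAP_PORT and proto in ("udp", "tcp"):
            totals[(remote, proto)][direction] += nbytes
    findings = []
    for remote, proto in sorted(totals):
        if is_allowed(remote):
            continue  # traffic the firewall rule is meant to permit
        t = totals[(remote, proto)]
        factor = t["out"] / t["in"] if t["in"] else float("inf")
        findings.append({
            "remote": remote, "proto": proto, "factor": factor,
            # Large UDP responses to small requests match the reflection pattern.
            "reflection_suspect": proto == "udp" and factor >= min_factor,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f)
```

Every address the audit lists is one the server would stop answering once port 389 is restricted to the allowlist.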