Possibly the implication against CloudFlare is that a service which makes money off DDoS attack prevention (and many other things) shouldn't drum up business by encouraging such attacks. Though in CloudFlare's defense, the attacks wouldn't stop if the sites did. And I'm not sure what else CloudFlare could do to get people to fix NTP servers.
The attacks would be a lot smaller and infrequent if CloudFlare did not host them.
The reason why the DDoS market exploded is because you can now sell your services behind CloudFlare for very little cost instead of competitors DDoSing each other. You can see all the services being sold at hackforums.net.
Without a publicly accessible store front, you will not get funding.
Without funding you will not be able to rent servers to power reflection attacks and to process requests from hosts that turn a blind eye like Ecatel.
Hosts that negligently allow (do not implement technical measures to block) packets to be sent from an IP address not routed to the sender.
Ecatel is the big one here. I don't know what it will take for their upstreams to shut them down, but it needs to happen. Do that and many of these reflected attacks will stop.
You can send spoofed packets from nearly every host.
However, hosts like Ecatel are known to specifically allow their customers to send spoofed packets at full speed 24/7.
I think most hosts will notice heavy bandwidth usage, investigate, and then terminate your account. This is why people buy servers at Ecatel even if it is more expensive.