An ACK flood is a Layer 4 (transport) attack vector, one of the attack classes a thorough DDoS test is built to exercise. The attacker sends a high volume of TCP ACK packets that do not belong to any established connection. Each packet forces the target, or a stateful device in front of it (firewall, load balancer, or conntrack table), to look up a connection that does not exist and decide how to handle it, consuming CPU and state-table capacity even though no handshake ever occurs.
Why it matters in DDoS testing
ACK floods target stateful middleboxes rather than the application. A test characterizes the packet-per-second rate at which the firewall or connection-tracking table saturates and starts dropping legitimate flows, which is often well below the bandwidth threshold operators plan for. Because the failure is in state-table capacity, not raw throughput, ACK floods expose a different knee point than volumetric vectors. The transport-layer attack family is detailed in Understanding DDoS Attack Vectors.