A GRE flood is a Layer 3 volumetric attack vector, one of the attack classes a thorough DDoS test is built to exercise. GRE (Generic Routing Encapsulation) is IP protocol 47, used to tunnel traffic between endpoints. A GRE flood sends high rates of GRE-encapsulated packets at the target, forcing it to spend CPU decapsulating frames while raw packet volume saturates the link. The Mirai botnet famously used GRE floods in several of its early record-setting attacks.
Why it matters in DDoS testing
GRE floods exploit the fact that many edge devices process protocol 47 without the rate controls applied to TCP and UDP. Testing confirms whether ACLs drop unexpected GRE at the perimeter, whether the decapsulation path becomes the layer of first failure before bandwidth does, and how recovery behaves once the flood lifts. How a stack sustains and recovers from volumetric load is the focus of DDoS Resilience Testing.
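One way to check the ACL question after a test run, as an added example that is not part of the original page: the script reads flow records captured behind the perimeter ACL and reports GRE that arrived from sources outside the expected tunnel peers, plus the seconds in which total GRE packet rate exceeded a limit. The record layout, the documentation-range addresses, the peer list and the 10,000 pps limit are assumptions constructed for the illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

GRE_PROTO = 47  # IP protocol number for GRE

# Constructed sample: flow records exported from INSIDE the perimeter ACL
# (columns: epoch second, source, destination, IP protocol, packets, bytes).
SAMPLE_FLOWS = """\
1700000000,192.0.2.10,198.51.100.5,47,120,60000
1700000000,203.0.113.77,198.51.100.5,47,45000,23400000
1700000000,203.0.113.78,198.51.100.5,47,52000,27040000
1700000000,203.0.113.9,198.51.100.5,6,300,180000
1700000001,192.0.2.10,198.51.100.5,47,110,55000
1700000001,203.0.113.77,198.51.100.5,47,47000,24440000
1700000002,192.0.2.10,198.51.100.5,47,130,65000
"""

def audit_gre(flow_csv, tunnel_peers, pps_limit):
    """Summarise GRE seen past the ACL: leaked sources and over-limit seconds."""
    peers = [ipaddress.ip_network(p) for p in tunnel_peers]
    leaked = defaultdict(int)   # non-peer source -> GRE packets that got through
    gre_pps = defaultdict(int)  # epoch second -> total GRE packets
    for ts, src, _dst, proto, packets, _bytes in csv.reader(io.StringIO(flow_csv)):
        if int(proto) != GRE_PROTO:
            continue  # TCP/UDP and the rest are out of scope for this check
        gre_pps[int(ts)] += int(packets)
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in peers):
            leaked[src] += int(packets)
    hot = sorted(sec for sec, pps in gre_pps.items() if pps > pps_limit)
    return {"leaked_sources": dict(leaked),
            "over_limit_seconds": hot,
            "acl_holds": not leaked}

if __name__ == "__main__":
    # Assumed peer list: the only address that should ever send GRE here.
    report = audit_gre(SAMPLE_FLOWS, ["192.0.2.10/32"], pps_limit=10_000)
    for src, pkts in sorted(report["leaked_sources"].items()):
        print(f"GRE from non-peer {src}: {pkts} packets passed the ACL")
    print("seconds over GRE pps limit:", report["over_limit_seconds"])
    print("perimeter ACL drops unexpected GRE:", report["acl_holds"])
```

An empty `leaked_sources` with the flood still running means the ACL is holding; any entry there means protocol 47 from a non-peer reached the decapsulation path.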