An IoT botnet is DDoS attack infrastructure assembled from compromised connected devices, and the large, dispersed fleets it forms are what a DDoS test is built to emulate. Cameras, DVRs, home routers, and other embedded systems ship with weak default credentials, rarely receive patches, and stay powered on continuously, which makes them ideal recruits. Malware families like Mirai and its descendants scan for and enroll them by the hundreds of thousands.
Why it matters in DDoS testing
IoT botnets shape the modern volumetric profile: enormous device counts, wide geographic spread, and residential IP space that overlaps with real users. That overlap is the hard part, because aggressive source blocking risks dropping legitimate customers behind the same CGNAT ranges. A test characterizes the false-positive cost of mitigation under this source model, not just the raw volume the edge can hold.
For how these floods decompose across network layers, see Understanding DDoS Attack Vectors.