An RST flood is a Layer 4 (transport) attack vector, one of the attack classes a thorough DDoS test is built to exercise. The attacker sends a high volume of TCP packets with the RST (reset) flag set, often spoofed across many source ports and addresses. Each packet forces the target or an inline stateful device to search its connection table for a matching session before discarding the packet, burning CPU and table lookups even though the resets correspond to no real connection.
Why it matters in DDoS testing
Like the ACK flood, an RST flood pressures stateful infrastructure rather than bandwidth. A test characterizes the point at which connection-tracking lookups dominate CPU and legitimate sessions start to drop, and whether the firewall's RST handling can be tuned to fail gracefully. These packet-rate-bound vectors reveal capacity limits that bandwidth-oriented planning misses. The transport-layer attack family is covered in Understanding DDoS Attack Vectors.