A volumetric attack is a category of DDoS attack vector, the bandwidth-exhaustion class a thorough DDoS test is built to exercise. Rather than targeting application logic or connection state, it aims to saturate the network link between the internet and the target, measured in bits per second. Reflection and amplification floods (DNS, NTP, memcached) and raw UDP floods are all volumetric: the goal is to fill the pipe so completely that legitimate packets are dropped before they reach the origin.
Why it matters in DDoS testing
Volumetric attacks are what upstream scrubbing and anycast capacity are sized against, because no origin link can absorb a multi-hundred-gigabit flood on its own. A test characterizes how much volume the edge absorbs before clean traffic degrades, the latency scrubbing adds, and how quickly mitigation engages on cutover. This bandwidth-bound failure mode is distinct from protocol and application-layer attacks, which is why DDoS resilience testing measures each layer separately.