Use Case: Realtime DDoS Detection & Response
Use iPilot to detect a live DDoS attack, identify the top offending sources, and apply a safe mitigation — all in plain English.
The scenario
Traffic spikes suddenly. You need to know right now whether it's an attack, who's causing it, and the safest way to stop it — without digging through raw counters yourself.

Example Prompts
Ask iPilot in plain English — no command syntax needed:
- "Check for a DDoS attack right now. Show the spike, top source IPs, and the safest mitigation path."
- "Show me the top offenders hitting port 80/443 and suggest a temporary rate-limit plan."
- "Verify whether the mitigation worked after I block these IPs."
What iPilot Does
iPilot combines several live data sources on the connected device to build a full picture before suggesting any action:
| Data Source | Purpose |
|---|---|
| Interface counters | Confirms whether traffic is genuinely abnormal |
| Connection tables | Identifies which sessions are driving the spike |
| Firewall logs | Surfaces already-triggered rules and drops |
| Queue statistics | Shows whether legitimate traffic is being starved |
| Routing state | Rules out route flapping or upstream issues |
Step-by-Step Walkthrough
- Connect to the affected router or edge device.
- Ask iPilot to check for an attack in progress.
- iPilot returns a plan showing the traffic spike, the top offending IPs/ports, and a proposed mitigation — each step labeled
safe,caution, ordestructive. - Review and run the safe diagnostic steps first, then approve the mitigation step (typically
caution— a temporary firewall rule or rate limit). - Ask iPilot to verify the mitigation worked once applied.
Every mitigation iPilot proposes is reversible. Destructive actions (like a permanent block) always require your explicit confirmation — see Safety & Risk Levels.