The scenario

Traffic spikes suddenly. You need to know right now whether it's an attack, who's causing it, and the safest way to stop it — without digging through raw counters yourself.

iPilot analyzing live device traffic


Example Prompts

Ask iPilot in plain English — no command syntax needed:

  • "Check for a DDoS attack right now. Show the spike, top source IPs, and the safest mitigation path."
  • "Show me the top offenders hitting port 80/443 and suggest a temporary rate-limit plan."
  • "Verify whether the mitigation worked after I block these IPs."

What iPilot Does

iPilot combines several live data sources on the connected device to build a full picture before suggesting any action:

Data Source Purpose
Interface counters Confirms whether traffic is genuinely abnormal
Connection tables Identifies which sessions are driving the spike
Firewall logs Surfaces already-triggered rules and drops
Queue statistics Shows whether legitimate traffic is being starved
Routing state Rules out route flapping or upstream issues

Step-by-Step Walkthrough

  1. Connect to the affected router or edge device.
  2. Ask iPilot to check for an attack in progress.
  3. iPilot returns a plan showing the traffic spike, the top offending IPs/ports, and a proposed mitigation — each step labeled safe, caution, or destructive.
  4. Review and run the safe diagnostic steps first, then approve the mitigation step (typically caution — a temporary firewall rule or rate limit).
  5. Ask iPilot to verify the mitigation worked once applied.

Every mitigation iPilot proposes is reversible. Destructive actions (like a permanent block) always require your explicit confirmation — see Safety & Risk Levels.