On Jan 28, 2020, at 04:12, Octolus Development <admin@octolus.net> wrote:

I don't have an exact timestamp, because the attacks are really difficult to see as well.

If you implement an open-source flow telemetry collection system & export flow telemetry from your edge routers to it, this becomes trivial. 

See this .pdf preso (it's my standard telemetry preso):

<https://app.box.com/s/mnshn99c13uekrggy99b>

[Full disclosure: I work for a commercial vendor of such systems.]

--------------------------------------------

Roland Dobbins <roland.dobbins@netscout.com>