Only thing i can think of is download a port sniffer and leave it running till the attack happens then review the log and detremin when the attack happened and then you'll beable to identify the attackers IP and block any type of communications using advance firewalls or simply report the IP address along with a copy of the log and send it in an E-mail to your service provider explaining that the found IP is breaching contract of service on the grounds of using their connection in a malisious way.
what i've said might not be much help but thats what i'd do if it were to happen to me.