diff --git a/network/connection.go b/network/connection.go
index dc32e43d..972a5c5b 100644
--- a/network/connection.go
+++ b/network/connection.go
@@ -175,8 +175,12 @@ type Connection struct { //nolint:maligned // TODO: fix alignment
 StopTunnel() error
 }
- RecvBytes uint64
- SentBytes uint64
+ // HistoryEnabled is set to true when the connection should be persisted
+ // in the history database.
+ HistoryEnabled bool
+ // BanwidthEnabled is set to true if connection bandwidth data should be persisted
+ // in netquery.
+ BandwidthEnabled bool
 // BytesReceived holds the observed received bytes of the connection.
 BytesReceived uint64
@@ -225,13 +229,6 @@ type Connection struct { //nolint:maligned // TODO: fix alignment
 // addedToMetrics signifies if the connection has already been counted in
 // the metrics.
 addedToMetrics bool
-
- // HistoryEnabled is set to true when the connection should be persisted
- // in the history database.
- HistoryEnabled bool
- // BanwidthEnabled is set to true if connection bandwidth data should be persisted
- // in netquery.
- BandwidthEnabled bool
 }
 // Reason holds information justifying a verdict, as well as additional
@@ -340,6 +337,10 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
 // Inherit internal status of profile.
 if localProfile := proc.Profile().LocalProfile(); localProfile != nil {
 dnsConn.Internal = localProfile.Internal
+
+ if err := dnsConn.updateFeatures(); err != nil {
+ log.Tracer(ctx).Warningf("network: failed to check for enabled features: %s", err)
+ }
 }
 // DNS Requests are saved by the nameserver depending on the result of the
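Review bot: The relocated field comment still reads `// BanwidthEnabled is set to true if connection bandwidth data should be persisted` while the field is `BandwidthEnabled`; since the hunk moves the declaration anyway, fix the spelling to `// BandwidthEnabled is set to true if connection bandwidth data should be persisted`. The same hunk drops the exported `RecvBytes` and `SentBytes` fields from `Connection`, presumably superseded by `BytesReceived`/`BytesSent`; any code outside this file or any persisted record that still reads the old names would break, which the diff does not show either way. The struct definition continues outside the hunk.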
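Review bot: When `dnsConn.updateFeatures()` fails, the warning is logged but `HistoryEnabled` and `BandwidthEnabled` keep their zero value, so the entitlement check fails closed; that is the right default, but nothing states it, and a comment above the call such as `// On error the feature flags stay disabled (fail closed).` would make the intent explicit. The identical call shape appears in the hunk for NewConnectionFromExternalDNSRequest and in GatherConnectionInfo, so the same comment applies there. If `access.GetUser()` returns an error whenever no account is logged in, this would emit a warning for every new connection; that is inferred, not visible here, but the log level is worth confirming. NewConnectionFromDNSRequest starts and ends outside the hunk.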
@@ -378,6 +379,10 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
 // Inherit internal status of profile.
 if localProfile := remoteHost.Profile().LocalProfile(); localProfile != nil {
 dnsConn.Internal = localProfile.Internal
+
+ if err := dnsConn.updateFeatures(); err != nil {
+ log.Tracer(ctx).Warningf("network: failed to check for enabled features: %s", err)
+ }
 }
 // DNS Requests are saved by the nameserver depending on the result of the
@@ -388,6 +393,8 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
 return dnsConn, nil
 }
+var tooOldTimestamp = time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC).Unix()
+
 // NewIncompleteConnection creates a new incomplete connection with only minimal information.
 func NewIncompleteConnection(pkt packet.Packet) *Connection {
 info := pkt.Info()
@@ -404,6 +411,12 @@ func NewIncompleteConnection(pkt packet.Packet) *Connection {
 dataComplete: abool.NewBool(false),
 }
+ // Bullshit check Started timestamp.
+ if conn.Started < tooOldTimestamp {
+ // Fix timestamp, use current time as fallback.
+ conn.Started = time.Now().Unix()
+ }
+
 // Save connection to internal state in order to mitigate creation of
 // duplicates. Do not propagate yet, as data is not yet complete.
 conn.UpdateMeta()
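Review bot: `tooOldTimestamp` is a package-level variable with no doc comment, and its role as a plausibility bound is only explained by the check in NewIncompleteConnection further down; add `// tooOldTimestamp is the lower bound (Unix seconds) for a plausible connection start time; earlier values are treated as invalid and replaced.` above the declaration. It cannot be a `const` because `time.Date(...).Unix()` is not a constant expression, so `var` is the correct form here.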
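Review bot: The sanity check on `conn.Started` only rejects timestamps before `tooOldTimestamp`; a value far in the future passes unchanged, and because the fallback silently overwrites the field there is no trace of where the bad value came from. Where `Started` is populated is outside the hunk, but if it derives from the packet info, an upper bound such as `if conn.Started < tooOldTimestamp || conn.Started > time.Now().Add(time.Minute).Unix() {` covers both directions, and a debug-level tracer line (`log.Tracer(pkt.Ctx())` is already used in this file) would make corrections observable. Also replace `// Bullshit check Started timestamp.` with `// Plausibility check for the Started timestamp.`.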
@@ -435,17 +448,8 @@ func (conn *Connection) GatherConnectionInfo(pkt packet.Packet) (err error) {
 if localProfile := conn.process.Profile().LocalProfile(); localProfile != nil {
 conn.Internal = localProfile.Internal
- // check if we should persist the connection in the history database.
- // Also make sure the current SPN User/subscription allows use of the history.
- user, err := access.GetUser()
- if err == nil {
- if user.MayUse(account.FeatureHistory) {
- conn.HistoryEnabled = localProfile.HistoryEnabled()
- }
-
- if user.MayUse(account.FeatureBWVis) {
- conn.BandwidthEnabled = true
+ if err := conn.updateFeatures(); err != nil {
+ log.Tracer(pkt.Ctx()).Warningf("network: failed to check for enabled features: %s", err)
 }
 }
@@ -561,6 +565,31 @@ func (conn *Connection) SetLocalIP(ip net.IP) {
 conn.LocalIPScope = netutils.GetIPScope(ip)
 }
+// updateFeatures checks which connection related features may be used and sets
+// the flags accordingly.
+func (conn *Connection) updateFeatures() error {
+ // Get user.
+ user, err := access.GetUser()
+ if err != nil {
+ return err
+ }
+
+ // Check if history may be used and if it is enabled for this application.
+ if user.MayUse(account.FeatureHistory) {
+ lProfile := conn.Process().Profile()
+ if lProfile != nil {
+ conn.HistoryEnabled = lProfile.HistoryEnabled()
+ }
+ }
+
+ // Check if bandwidth visibility may be used.
+ if user.MayUse(account.FeatureBWVis) {
+ conn.BandwidthEnabled = true
+ }
+
+ return nil
+}
+
 // AcceptWithContext accepts the connection.
 func (conn *Connection) AcceptWithContext(reason, reasonOptionKey string, ctx interface{}) {
 if !conn.SetVerdict(VerdictAccept, reason, reasonOptionKey, ctx) {
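Review bot: `updateFeatures` reads the profile via `conn.Process().Profile()` and names it `lProfile`, whereas the code it replaces in GatherConnectionInfo called `localProfile.HistoryEnabled()` on `Profile().LocalProfile()`; if `HistoryEnabled()` on the layered profile resolves differently from the local profile's, this is a behavioural change, and either way the variable should be named `profile` rather than suggesting a local profile. The method also assumes `conn.Process()` is non-nil; every current caller sits inside a `localProfile != nil` guard, but the method is callable from elsewhere, so wrapping the lookup in `if proc := conn.Process(); proc != nil {` would make it self-contained. The doc comment should also state the failure behaviour, e.g. `// updateFeatures sets HistoryEnabled and BandwidthEnabled from the current user's entitlements; on error both flags are left unchanged.`.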