Andem - 12:55 am on Feb 22, 2012 (gmt 0)
It makes zero sense to have that much random zombie traffic from such a random sample without it being a DDoS attack. I know lucy24 is trying to help, but there are better suggestions to deal with this.
Have you taken a sample of maybe 25-50 of the IP addresses, done some WHOISes and figured out if they have any connections? If there is any connection, then try denying the subnets.
Are you sure that this traffic is really coming from the United States? Are they coming from IP addresses assigned to consumer-based ISPs?
I'm sure if you look at the traffic with a keen eye, you will be able to spot some consistencies.
An idea might be to try registering sessions with PHP (or whatever language you use) and then denying access if the script is unable to register a session.
Another idea is based on lacy24's idea. If you use a scripting language like PHP, if it is between certain times of the day, try only allowing access to the pages using too much bandwidth by requiring authentication through RECAPTCHA. That service is extremely easy to use and provides enough examples; if the 'user' doesn't get through that, you might be able to ward them off until they move on to their next target. Feel free to PM me if you need assistance in setting that up.