Key_Master - 3:45 pm on Apr 11, 2012 (gmt 0)
If my sites were overwhelmed by this traffic and the data I gathered wasn't sufficient enough to find a solution, I would isolate these visits and conduct a distributed port scan on each IP. At 25 scans per IP, it would only require slightly over 2600 unique visitors to conduct a full scan of each of the 65535 ports. I'd then take the list of open ports I collected and rerun the experiment to see if these zombie visitors shared a common port. My guess is, a port would be discovered that would lead to an answer about these hits, and ultimately, how to defeat them.