– list of affected IP addresses seem to be static
– the traffic only comes in certain hours to the affected IPs
– the affected IPs are typically hostings (i.e. no ADSL or otherwise home addresses)
– different IPs get different shares of traffic
– etc.

I’m a security researcher writing an extended article about this.

I’d be interested to speak with people who are affected by this kind of “bittorrent DDoS”. The magazine I’m writing the article for is willing to cover some of the costs related to this DDoS (your hosting cost, compensate for your time) if you help us track this attack – please contact me at tchm at virtall dot com for details.