You may have seen how to find guilty IP addresses in my post Using Log Parser Studio to Find Guilty IP Addresses, but if you have enabled the logging of X-Forwarded-For IP addresses in IIS you may want to use this updated version, which gets the top offending IP addresses based on the X-Forwarded-For header:

SELECT
    X-Forwarded-For,
    count(X-Forwarded-For) as requestcount
FROM '[LOGFILEPATH]'
WHERE date = '2016-08-08' 
GROUP BY X-Forwarded-For order by count(X-Forwarded-For) DESC

Don’t forget to change the date when you run this query.