On a large enough level, this would have to be treated the same way as spam traffic currently is. You'd never ban anything smaller than a /64 with IPv6. Getting DOS from a /48 or /56? Ban them, or do exponential back-off for all IPs in the block. It's not that hard for a botnet to get a few hundred thousand IPv4 addresses either, but we haven't taken that as a reason to just roll over. The difference between each IP sending you 1 request / sec and 10000 requests / sec is still profound.