As with IPv4, DoS attacks which tend to be clustered from specific locations (I've seen them originating from multiple hosts within a hosting center's range, or from a particularly poorly managed ISP's allocation), using broader allocations (CIDR blocks and ASNs) to identify responsible networks can be useful. The challenge in general is translating from IP addresses to the administrative block responsible (there are IP reverse lookups which do this, in some cases the zonefiles are downloadable allowing lookups at local network speeds), and in translating the information to some sort of policy (few network management devices offer AS blocking rules, though CIDR is pretty much native).

It is probable that a single machine gets a /64 ipv6 range, but the first 64 bits are consistent. When ipv6 gets more common it will probably be more acceptable to block an entire /64 if you suspect a brute force attack.