As with IPv4, DoS attacks which tend to be clustered from specific locations (I've seen them originating from multiple hosts within a hosting center's range, or from a particularly poorly managed ISP's allocation), using broader allocations (CIDR blocks and ASNs) to identify responsible networks can be useful. The challenge in general is translating from IP addresses to the administrative block responsible (there are IP reverse lookups which do this, in some cases the zonefiles are downloadable allowing lookups at local network speeds), and in translating the information to some sort of policy (few network management devices offer AS blocking rules, though CIDR is pretty much native).