venti - 10:42 pm on Mar 6, 2008 (gmt 0) Works very well.
We have had similar problems. We have a algorithm to detect these types of requests which when triggered will add the IPs to the server's local security policy which prevents them from even reaching the web server. The algorithm also sets up a schedule task to remove the block after a certain number of hours. There are different levels of severity to manage repeat offenders.
Works very well.