We had a similar experience with a series of ddos attacks. We were ok with that even when the site went down.
What hurt us with Google was the increase in authorization errors we got after putting password protection in our login pages [webmasterworld.com...] sometime in June. Google traffic went downhill after that. Even after we have removed password protection, traffic just went sliding down, down and down with Dec our lowest point.
We are now up more than 100% from our lowest point last year, but still a lot way off from our traffic before the attacks.
So just be careful on what you implement next to protect your site. To this day, I still can't understand why Google would react that way to putting password protection to our login pages, but they did -- and we got severely hit in the process.
Anyway in my case all traffic is just for the homepage, no other page. Therefore, there is nothing to protect or any other way to avoid traffic apart from blocking IPs and blocking countries. So far I've blocked about 20 coutries plus thousands of IPs. It's hard to get rid of that attack even with professional help.
doc_z I suggest that you start a thread about this in the WebmasterWorld Search Engine Spider and User Agent Identification Forum [webmasterworld.com ] There are some real experts there who might be able to help you improve your defenses against this.