Precisely. If you get too aggressive with combating this, you're locking out everyone whose machine or connection isn't up to some arbitrary technical standard. You might decide that dial-up no longer matters to you, but what about mobile?
You can combat this a little with good architecture, by making sure the attacks won't stack.
One part of the attack is finding a difficult-to-serve request. The other part is being very slow at receiving the response, keeping the request alive. The impact is multiplied if you keep dozens exceptionally high-memory processess alive while the clients slowly the response that those processors generated.
If you have the right architecture, it won't matter if the difficult-to-serve request takes a long time to send - you backend processes it, sends the response to your web server, and frees the resources (not holding resources until the client is happy).
