This type of system has already been defeated in the simplest way possible. There was a cracking group that had a DDoS system similar to what has been described for HTTP requests to a page which had a captcha. What they did was accept the captcha, and then forward it onto a porn web site they controlled. For users who want all them naughty bits, those users had to fill out the forwarded captcha! Then that information was sent back into the botnet to "validate" their requests to the intended target.
As long as there is porn online, there will be an easy way to kill captcha! WON'T SOMEONE THINK OF THE CHILDREN AND BLOCK ALL THE PR0NZ OMGZ!?!?
My point was that even if a captcha did work, it won't stop a DDoS attack because you still have to have the processing power and bandwidth to serve up the captcha and verify that the remote client is really a person. There is no way to verify that the remote client is legitimate without actually talking to that remote client. Any channel that you use for verification purposes can be the target of a DDoS attack.