by shock 2557 days ago
> Why would the ISP's network deliver a packet to the customer despite that packet having an IP address that doesn't match the IP address the customer leased?

It wouldn't under normal circumstances, but could in the case of a misconfiguration or a malicious actor.

> Does this require an adversary who is or who compromises the ISP, possibly by tapping into the coax/fiber/etc in the last mile or by pwning the related nodes?

Most likely. I also don't consider the scenario likely, because most NATs/firewalls are stateful in this day and age, and if the ISP is compromised the attacker could also use TR-069 to upgrade the firmware on the customer's router and place a malicious implant⁰.

⓪ - http://www.pcworld.com/article/2463480/many-home-routers-sup...

1 comments

Well, it is unlikely in practice because home access routers usually come with a stateful firewall. The important point is that that doesn't change when you remove the NAT. And that is important because people come to all kinds of nonsensical ideas about how IPv6 is dangerous or what you should do to make it less dangerous because you typically don't have NAT with IPv6.

Like, that you should use ULA and NAT with IPv6 so you don't lose the great security benefits of NAT. That is a completely logical conclusion if you believe that NAT provides security benefits. But it's just wrong.

And, yes, TR-069 is also a potential attack vector that you probably also should prevent in any halfway serious business context. Giving your ISP('s infrastructure) access to your internal network probably is not a good idea, no matter what the mechanism is.
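
Added example, not part of either comment above: a toy Python model of the point the thread makes, that the stateful check decides whether an unsolicited WAN packet reaches a LAN host, and that this holds with or without NAT. The `Packet` and `Router` classes are hypothetical simplifications (port-preserving NAT, no timeouts, no protocol field), and all addresses are constructed from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Router:
    lan: str        # LAN prefix behind the router
    wan_ip: str     # address leased from the ISP
    nat: bool       # rewrite source addresses on the way out
    stateful: bool  # drop WAN packets that match no LAN-initiated flow
    flows: set = field(default_factory=set)
    nat_map: dict = field(default_factory=dict)

    def outbound(self, p):
        """A LAN host sends p; returns the packet as it leaves the WAN port."""
        if self.nat:
            self.nat_map[(self.wan_ip, p.sport)] = p.src
            p = Packet(self.wan_ip, p.sport, p.dst, p.dport)
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return p

    def inbound(self, p):
        """p arrives on the WAN port; returns the LAN host it reaches, or None."""
        if self.stateful and (p.dst, p.dport, p.src, p.sport) not in self.flows:
            return None  # the firewall decision, independent of NAT
        if self.nat and (p.dst, p.dport) in self.nat_map:
            return self.nat_map[(p.dst, p.dport)]  # reverse translation
        in_lan = ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.lan)
        return p.dst if in_lan else None  # plain routing

def demo():
    # Constructed addresses from the documentation ranges.
    stray4 = Packet("198.51.100.9", 40000, "192.168.1.10", 22)
    nat_only = Router("192.168.1.0/24", "203.0.113.5", nat=True, stateful=False)
    nat_fw = Router("192.168.1.0/24", "203.0.113.5", nat=True, stateful=True)
    v6_fw = Router("2001:db8:1::/64", "2001:db8:ffff::1", nat=False, stateful=True)
    v6_fw.outbound(Packet("2001:db8:1::10", 50000, "2001:db8:2::80", 443))
    return {
        "nat_only_stray": nat_only.inbound(stray4),
        "nat_fw_stray": nat_fw.inbound(stray4),
        "v6_fw_stray": v6_fw.inbound(Packet("2001:db8:2::66", 40000, "2001:db8:1::10", 22)),
        "v6_fw_reply": v6_fw.inbound(Packet("2001:db8:2::80", 443, "2001:db8:1::10", 50000)),
    }
```

In this model the NAT-only router forwards the stray packet addressed to the private host, while the IPv6 router with no NAT and a stateful filter drops the stray packet and still passes the reply to a connection opened from inside.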