[hot_gril]

The routers. My ISP can't route dst=192.168.1.2 to anywhere, and even if someone managed to splice the packet in between my router and the ISP, my router won't take that dst. That address doesn't exist on the WAN.

[Dagger2]

No, the routers don't enforce that, and your ISP can route packets with a destination IP of 192.168.1.2, or anything else they like, to you just fine.

Your router will happily "take" that destination IP. The only reason it won't is because of a firewall, not because of NAT.

[hot_gril]

Ok, my PC's address is 192.168.1.3 and I have UDP port 9000 open, please send me a packet.

[Dagger2]

Okay, but since that's RFC1918 you'll need to give me access to your immediate upstream network in order to send the packet to your router. How do you want to do that?