Yes, I can see your example. Fortunately, one thing I have seen so far is routers being supplied with all inbound connections stopped. Furthermore, mine doesn't allow you to totally disable the firewall, only for specific hosts (which I have done for some key Linux systems), or for specific ports on specific hosts (which I did on Windows for testing - I never leave Windows exposed to the net). Now with a router like mine, your scenario wouldn't work, because the temporary IP addresses would never be allowed to pass.
So, there are ways to build it into the router design to make it harder for people to shoot themselves in the foot. :)
Yes, I think there has been some ISP/Manufacturer working group to get this cleared up and defined. My ISP waited with IPv6 rollout until this was resolved, and the router they deliver does exactly what you describe above.
When IPv6 was designed, the idea was still that every host should be able to communicate with every other host. That has proven to be a bad idea on an open network, so IPv6 had to be crippled to make it viable. But that at the same time removes one of the major incentives to roll it out, as NAT can be used as an alternative solution in most situations. Many places have still not started IPv6 rollout...
Rob
On 14/05/2017 7:06 PM, Rob Janssen wrote:
> Yes, I think there has been some ISP/Manufacturer working group to get this cleared up and defined. My ISP waited with IPv6 rollout until this was resolved, and the router they deliver does exactly what you describe above.
Yes, good solution
> When IPv6 was designed, the idea was still that every host should be able to communicate with every other host. That has proven to be a bad idea on an open network, so IPv6 had to be crippled to make it viable. But that at the same time removes one of the major incentives to roll it out, as NAT can be used as an alternative solution in most situations. Many places have still not started IPv6 rollout...
The reason I prefer IPv6 over IPv4 NAT is it gives me the option to use the same ports on multiple hosts on my network. IPv4 NAT is quite crippling for some of us (who also happen to know how to manage our firewalls ;) ).