
Well, not really. The first 64 bits are not all possible. They are subdivided, since some addresses are link-local, some are multicast, etc. Then, Comcast only has a certain allocation of that. On top of that, could one find a pattern in how they allocate their addresses?

The second 64 bits are also not quite random. Most of your devices will autoconfigure using radvd. This means that the second 64 bits depend on their MAC address. Now, if I knew of an exploit to, say, a printer or a NAS device, I would know the MAC address range. My guess is that I could probably reduce the 128 bit address space to something like 100 or even 90 bits.

Second, and this makes all of the above a moot point, don't your devices connect to the internet? Any time they connect to a site, that site knows the IP address and that data may be used either explicitly or leaked and used by someone else. Everyone between you and the site also knows the address.

Lastly, if you ever set up a DNS record for any of these addresses, they are then visible to others even with some scanning if you don't ever publish the actual names.

Long story short, there is hoping you don't get hacked and there is knowing you have a firewall that only allows what you want in.



