I used the phrasing almost all specifically because it may be possible to bypass the controls using UDP.
If the block can be bypassed using UDP then the ISP made a 'big stupid error' as I mentioned. Their router should simply not forward any packet outside the local network until the customer provided his credentials. That covers IPv4 (TCP, UDP, ICMP, others), IPv6, and anything else, whether they support it or not. For ADSL it should be pretty easy to identify the customer's line and redirect anything coming from that line, leaving no possibility of escape. Customers who connect to their ISP through a shared medium, like cable or WiFi, there's an escape route which is to hack their hardware/software stack to impersonate another customer on that shared medium. But that's obviously illegal and furthermore there's no point for them to keep paying for Internet access in the first place.