highlight: RFC1918 damage in the DNS system


can we really categorically blame microsoft?
(hint: you bet your bootp)

make sure all empirical data is consistent w hypothesis
set up experimental setup of raw windows installations in our lab
check documentation  ( <-- radical approach )

verified that vast majority derive from two OSes: Windows 2000 and Windows XP (empirically, experimentally, and based on documentation)
majority of updates from sources that send them constantly.  bulk of workload from contributions of medium size (not mice/elephants)
most source IP addresses are those of home and small business users connected to the Internet via cable, DSL or phone-based ISPs, i.e., computers owned by individuals, not organizations. majority using software with default vendor settings.
academic, corporate, backbone networks contribute little rfc1918 update traffic