I'm working with a few folks on firewall and IDS rules that will flag suspicious fragmented traffic. I know the legal minimum of a non-terminal fragment is 28 bytes, but given non-terminals should reflect the MTU of the topologies along the link, this number is far lower than what I expect you should see for legitimate fragmentation in the wild.
A few years back I noted some 512-536 MTU links in Asia. I've been doing some testing and can't seem to find them anymore. Is it safe to assume that 99.9% of the Internet is running on 1500 MTU or higher these days?
there are many deployments of DSL-based layer 2 providers, which use L2TP (or whatever) tunnelling as well as PPPoE to associate end clients to layer 3 ISPs. they enforce MTU like 1450 or lower. in Japan, NTT east/west (NTT is a previously-government-owned telco) provide such service and enforce MTU of 1454.

itojun
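A sketch of the size check this thread is about, added here as an example and not written by either poster: it classifies an IPv4 header as a non-fragment, a terminal fragment, or a non-terminal fragment that is plausible or suspiciously small. The function names are hypothetical, the sample headers in the test are constructed, the 512-byte floor is taken from the smallest link MTU mentioned above, and it assumes a fragmenting hop fills each non-terminal fragment to the largest 8-byte-aligned payload that fits the MTU.

```python
import struct

IHL_MIN = 20   # IPv4 header without options
MF = 0x2000    # "more fragments" flag in the flags/offset word
OFFSET_MASK = 0x1FFF


def nonterminal_size(mtu, ihl=IHL_MIN):
    """Total length of a full non-terminal fragment on a link with this MTU.
    Every fragment except the last carries a payload that is a multiple of 8."""
    return ihl + ((mtu - ihl) // 8) * 8


def build_header(total_len, mf, offset_units):
    """Constructed 20-byte IPv4/UDP header for testing (checksum left at 0,
    documentation addresses 192.0.2.1 -> 198.51.100.7)."""
    word = (MF if mf else 0) | (offset_units & OFFSET_MASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, word,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


def classify(header, floor_mtu=512):
    """floor_mtu is an assumption: the smallest MTU you still expect to see."""
    if len(header) < IHL_MIN:
        return "malformed"
    ver_ihl, _tos, total_len, _ident, word = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IHL_MIN or total_len < ihl:
        return "malformed"
    more, offset = bool(word & MF), word & OFFSET_MASK
    if not more:
        # Last fragments may legitimately be any size, so they are not scored.
        return "terminal" if offset else "not-fragment"
    payload = total_len - ihl
    if payload == 0 or payload % 8:
        return "malformed"          # non-terminal payload must be 8-byte aligned
    if total_len < nonterminal_size(floor_mtu, ihl):
        return "suspicious-small"   # smaller than any expected path would produce
    return "plausible"
```

With the tunnelled MTU of 1454 quoted in the reply, a full non-terminal fragment is 1452 bytes rather than 1500, so a rule keyed to exactly 1500 would misfire on that traffic while a floor-based rule does not.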