On Tue, 2 Apr 2013 18:41:17 -0400 Joe Abley <jabley@hopcount.ca> wrote:
26/1000 is more than zero but still quite small. Subsequent samples with bigger sizes give 332/100000, 3017/1000000.
No science here, but 2% - 3% is what it looks like, which is big enough to be a noticeable support cost for a medium-scale provider if the customer damage is not robo-mediated in some way (e.g. whitelist known offenders to avoid the support phone glowing red when you first turn it on).
Thanks Joe. That is interesting. I can only imagine that on the customer side there are queries coming from something other than typical OS stub resolvers on unix and Windows based hosts. I suppose some sort of NAT/PAT box could account for some of it, maybe more likely could be some common CPE forwarder that uses that port by default. If the latter, that might be considered a serious enough risk that the vendor should address it if they haven't already. If no one else does, another side project I'll add to my list of things to do on a rainy day. John