Doesn't know how to measure truly private internal use; if you have ideas, let him know.
Make official requests to companies who operate networks along with assurances of confidentiality. Include the NDA that you are willing to sign along with your request. Try to find a legal contact for each company and submit the requests to them as well as to IP addressing folks and engineering/ops folks. Note that "companies who operate networks" does not include "network operators". A second approach that is more likely to get results, but less likely to answer the whys and wherefores, is to go to "network operators" who are in the VPN or private lines business and ask them for stats on what address ranges (and how many instances) their customers use on private IP networks. Probably need the same NDA and approach to legal contacts. I know of a nonISP that has three separate non-overlapping and non-connected private IP networks which use 1/8 addresses. I know of a company that uses 1/8 through 8/8 on private IP networks. I know of a company that chose to use 126/8 addresses because it seemed that 126/8 would be the last IP block for RIRs to allocate. Then big cable companies started running out of 10/8 space... I've even seen an ISP using a /24 carved out of 196/8 in their internal network management systems. I wasn't able to find out if that started life as a typo of 192.168.?.? and I can't remember the exact /24 range. I've received SPAM reports for a former customer who connected in 1994, received a /24, disconnected in 1996 but kept using that /24 internally behind NATs. One day a bright salesperson decided to SPAM some advertising. Since the SPAM content matched this former customer's business, I chased it up and discovered the reason why our address range was in the mail headers. Is it possible to measure this? Maybe sniffing ISP nameserver traffic to identify matching A and PTR queries where the PTR name is clearly located in a different address range?
2/8, 1/8, 23/8, 5/8, 100/8 is there at #5, which is odd.
Odd? It's a round number which probably means that more than one person has picked it when they needed to make up an IP address.
next /8's they *were* going to give ARIN were 100/101, they decided to NOT give it out to figure out why there's so many hits on it in this round.
It would be good to find out why people have these kinds of DNS leaks. Hopefully it will turn out to be configuration errors which can be addressed through best practices. Even when the space becomes allocated, people will continue to use these blocks and this can be expected to become even more common when IPv4 nears exhaustion. --Michael Dillon