ActionDispatch::RemoteIp::IpSpoofAttackError exception

I am running Rails 3.2.21 on Heroku and yesterday I started seeing a low occurrence exceptions with this signature:

ActionDispatch::RemoteIp::IpSpoofAttackError: IP spoofing attack?!HTTP_CLIENT_IP="10.166.210.93"HTTP_X_FORWARDED_FOR="10.166.210.93, 74.121.112.50"

here is the full stacktrace:
https://gist.github.com/jasonfb/652fff633de527fe08fb

Heroku says this is a "false positive" and suggested I turn this off in m app config:

config.action_dispatch.ip_spoofing_check = false

However, they are unable to explain why we've been running for 2 months on their platform until yesterday without this popping up, and yesterday was the first occurrence of it.

any ideas?

-Jason