Perhaps it's time we admitted the arpanet isn't just dead...
It's long dead. Instead of blocking 10.0.0/8, break it up into
Bs and Cs!
10.128.0/9 Bs
10.0/9 Cs (10.0.1 through 10.127.255)
I was not clear. We need to have a policy of blocking along these
lines:
10.0.0/8
down to
10.0.0.1/24
For the truly paranoid... (catches those hard to get host routes !!)