Estimating autonomous system risk levels by analyzing IXP route server RIB

The security of Border Gateway Protocol (BGP) operations at Internet Exchange Points (IXPs) is critical to ensuring the integrity of data exchanges between Internet Service Providers (ISPs). A key challenge in BGP is its trust-based route sharing, which introduces vulnerabilities that attackers can exploit to hijack or disrupt traffic. While mechanisms like Internet Routing Registries (IRRs) and the Resource Public Key Infrastructure (RPKI) have been developed to mitigate these risks, their effectiveness is often undermined by inherent design flaws that limit their reliability. This paper presents a novel tool designed to address these security gaps in IXP infrastructures. By analyzing the Routing Information Base (RIB) of an IXP's route server, the tool identifies possible prefix hijacking attacks. These prefixes serve as input for calculating a Risk Level metric for each Autonomous System (AS), offering IXP operators insights into anomalous behaviors. The effectiveness of the metric is validated through its application to well-known attack scenarios. Finally, we showcase the application of this tool through an analysis of real-world data from the route server of a major Italian IXP.