Internet Exchange Points (IXPs) are crucial components of the Internet ecosystem, enabling efficient interconnection among Autonomous Systems (ASes). Their operation relies on Route Servers (RSes), which simplify public peering by allowing ASes to maintain a single Border Gateway Protocol (BGP) session rather than multiple bilateral ones. However, BGP's reliance on implicit trust exposes it to vulnerabilities that can be exploited to hijack or disrupt traffic. To mitigate these risks, IXPs deploy filtering mechanisms based on Internet Routing Registries (IRRs) and the Resource Public Key Infrastructure (RPKI). Current practices exhibit a critical blind spot: IRR-based filtering heavily relies on AS-SET objects, failing to bind IP prefixes to their legitimate AS, allowing hijacks to evade detection. In this work, we formally define and analyze this vulnerability, showing how it can be exploited to perform prefix hijacking via IXPs. We quantify its prevalence across the EURO-IX community and validate our findings using real-world data from the RSes of two major European IXPs, AMS-IX and NAMEX. Finally, we propose practical countermeasures to strengthen RS filtering.
Exploring the Blind Spot of Internet Exchange Point Route Servers / Servillo, Stefano; Spadaccino, Pietro; Konstantaras, Stavros; Luciani, Flavio; Cuomo, Francesca. - (2026). ( IEEE/IFIP Network Operations and Management Symposium 2026 Roma, Italy ).
Exploring the Blind Spot of Internet Exchange Point Route Servers
Stefano Servillo
;Pietro Spadaccino;Francesca Cuomo
2026
Abstract
Internet Exchange Points (IXPs) are crucial components of the Internet ecosystem, enabling efficient interconnection among Autonomous Systems (ASes). Their operation relies on Route Servers (RSes), which simplify public peering by allowing ASes to maintain a single Border Gateway Protocol (BGP) session rather than multiple bilateral ones. However, BGP's reliance on implicit trust exposes it to vulnerabilities that can be exploited to hijack or disrupt traffic. To mitigate these risks, IXPs deploy filtering mechanisms based on Internet Routing Registries (IRRs) and the Resource Public Key Infrastructure (RPKI). Current practices exhibit a critical blind spot: IRR-based filtering heavily relies on AS-SET objects, failing to bind IP prefixes to their legitimate AS, allowing hijacks to evade detection. In this work, we formally define and analyze this vulnerability, showing how it can be exploited to perform prefix hijacking via IXPs. We quantify its prevalence across the EURO-IX community and validate our findings using real-world data from the RSes of two major European IXPs, AMS-IX and NAMEX. Finally, we propose practical countermeasures to strengthen RS filtering.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
