Exploring the Blind Spot of IXP Route Server

This is a draft agenda: changes are still being made.

Speaker: Stefano Servillo (Sapienza University of Rome, Namex)
Date:
Time:
Room: Main Room
Session: Connect
Duration: 25 min
Transcript: Not Available
Meetecho chat: Not Available
Type: Talk
Slides:

Abstract

*Internet Exchange Points (IXPs)* are critical components of today’s Internet, as they handle a substantial share of global traffic and enable efficient interconnection among networks. At the heart of their operation are *Route Servers (RS)*, which simplify public peering by allowing *Autonomous Systems (ASes)* to establish a single BGP session with the RS. However, a key challenge of BGP is its *trust-based route sharing*, which introduces vulnerabilities that can be exploited to hijack or disrupt traffic. To mitigate such risks, IXPs implement filtering policies on RS primarily based on two mechanisms: *Internet Routing Registries (IRRs) and the Resource Public Key Infrastructure (RPKI)*. Current RS filtering practices, however, reveal a **blind spot**: *IRR-based filtering depends heavily on AS-SET objects*, which are often outdated. Unlike RPKI, IRR validation **does not bind a prefix to its legitimate owner AS**, leaving room for hijacks or misconfigurations to be accepted and propagated. In this work, we analyze this vulnerability, showing how an attacker can exploit IRR-based filtering to perform **prefix hijacking through IXPs**. We analyzed the configuration of several IXPs in the *EURO-IX* community and found that **most of them are affected by this vulnerability**. To address it, we **propose solutions** that IXPs can adopt, alongside **recommendations** for both network operators and IXP operators to improve filtering practices. Finally, we validate our findings through an **analysis of real-world data from the route server RIBs of two major European IXPs**, demonstrating the practical impact of the problem.
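An added example, not taken from the talk or its slides: a small model of the missing prefix-to-origin binding the abstract describes, comparing a filter that checks origin and prefix against separately expanded AS-SET lists with one that requires the registered (prefix, origin) pair, and using the difference to audit route-server RIB entries. The AS-SET name, ASNs, prefixes, the independent-list model of the filter and exact-prefix matching are assumptions made for illustration.

```python
import ipaddress

# Constructed IRR data using documentation ASNs and prefixes; not real registry content.
AS_SET_MEMBERS = {"AS-EXAMPLE": {64500, 64501}}
ROUTE_OBJECTS = [            # (prefix, origin) as registered in route objects
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
]

def expand(as_set):
    """Resolve an AS-SET to its member origins and their registered (prefix, origin) pairs."""
    origins = AS_SET_MEMBERS[as_set]
    routes = {(ipaddress.ip_network(p), o) for p, o in ROUTE_OBJECTS if o in origins}
    return origins, routes

def filter_unbound(as_set, prefix, origin):
    """Assumed weak model: origin list and prefix list are checked independently."""
    origins, routes = expand(as_set)
    prefixes = {p for p, _ in routes}
    return origin in origins and ipaddress.ip_network(prefix) in prefixes

def filter_bound(as_set, prefix, origin):
    """Stricter check: the exact (prefix, origin) pair must be registered."""
    _, routes = expand(as_set)
    return (ipaddress.ip_network(prefix), origin) in routes

def audit(as_set, rib):
    """Return RIB entries the unbound filter accepts but the bound filter rejects."""
    return [(p, o) for p, o in rib
            if filter_unbound(as_set, p, o) and not filter_bound(as_set, p, o)]

# Constructed route-server RIB entries for one peer: (prefix, origin AS).
SAMPLE_RIB = [
    ("192.0.2.0/24", 64500),      # matches its route object
    ("192.0.2.0/24", 64501),      # prefix and origin both listed, but never paired
    ("203.0.113.0/24", 64500),    # prefix not registered at all
    ("198.51.100.0/24", 64510),   # origin outside the AS-SET
]

if __name__ == "__main__":
    for prefix, origin in audit("AS-EXAMPLE", SAMPLE_RIB):
        print(f"accepted without prefix-origin binding: {prefix} AS{origin}")
```

Entries returned by `audit` are the ones worth cross-checking against RPKI ROAs, which do bind a prefix to its origin AS.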

Recording

Video will be added soon.

Speaker

Stefano Servillo

Stefano Servillo received the B.S. and M.S. degrees in Engineering in Computer Science from the University of Rome "La Sapienza", Italy, in 2021 and 2023, respectively. He is currently a Ph.D. student in the Department of Information Engineering, Electronic and Telecommunications at the University of Rome "La Sapienza". He is collaborating with Namex, the Internet Exchange Point of Rome. His research interests mainly focus on routing security, Border Gateway Protocol, and Internet Exchange Points.

Rate this talk

Rating will open on Monday, 20 October 2025 at 09:00 (+0300).