Tech News
← Back to articles

Some interesting stuff I found on IX LANs

2025-10-31 | original
read original related products more articles

Sep 25 2025

Some interesting stuff I found on IX LANs

These days the internet as a whole is mostly constructed out of point to point ethernet circuits, meaning an ethernet interface (mostly optical) attached directly from one routing device to another routing device.

However that is not always the case, as the humble “internet exchange” (IX) still exists, and while the relevancy of IXs are progressively being diminished by the internet increasingly being concentrated into a small handful of content networks and IXs not keeping up with the lowering price of transit or private fiber connections to the largest networks, there are still a large number of networks that’s attached to at least one IX fabric.

IXs are a little bit strange, as they are at their core practically identical to a simple ethernet switch you may find in your home or office (except your home switch is unlikely to be doing terabits per second of traffic). As IXs depend on the ethernet switches interest in only being the MAC addresses of traffic and not the Layer 3 IP addresses.

However home and small and medium business (SMB) routers often come with defaults that make life a lot easier for networks way of desktop computers and common office equipment on them, these same defaults are at the very least annoying and at the very worst actively exploitable if put on a IX LAN with many untrusted participants.

bgp.tools “naughty packets” feature

The company that I run and operate has a large number of ports at internet exchanges (at a rough estimate I am the top 13 of all networks on the internet in this metric!), and alongside the route collecting that bgp.tools does on these IX ports, it also listens in on the broadcast and multicast traffic that happens on these exchanges.

This isn’t that magical, at its core it works by running tcpdump on each IX port, and picking up the BUM traffic, parsing what it is looking at (and throwing away the unknown unicast, since that is a separate common problem that I don’t want to get involved with), and reporting that data back up the chain to bgp.tools’s website.

This creates little warning icons (or alerts if they use the monitoring product) on their IX membership rows to let them and others know that something is not configured correctly

... continue reading

Related:
This is what Apple has in store for the future of satellite connectivity on iPhone: report
Hackers used booby-trapped images to spy on Samsung phones, no clicks required
X Is Retiring Twitter.com. You Have 2 Days to Update Your Account or Risk Lockout
GlassWorm malware returns on OpenVSX with 3 new VSCode extensions
Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday

© 2025 GoKawiil