"If you own the network, you own the company," said Nicolas Fischbach, senior manager of network engineering and security with COLT Telecom, a European data service provider. "Owning the Windows PC is not really a priority anymore."

But Cisco's routers make a harder target than Windows. They're not as well-known to hackers and they come in many configurations, so an attack on one router might fail on a second. Another difference is that Cisco administrators are not constantly downloading and running software.

Finally, Cisco has done a lot of work in recent years to cut down on the number of attacks that can be launched against its routers from the Internet, according to Fischbach. "All the basic, really easy exploits you could use against network services are really gone," he said. The risk of having a well-configured router hacked by someone from outside of your corporate network is "really low."

That hasn't deterred the latest crop of security researchers.

Two months ago Core Security researcher Sebastian Muniz showed new ways of building hard-to-detect rootkit programs for Cisco routers, and this week his colleague, Ariel Futoransky, will give a Black Hat update on the company's research in this area.

Also, two researchers from Information Risk Management (IRM), a security consultancy based in London, plan to release a modified version of the GNU Debugger, which gives hackers a view of what happens when Cisco IOS software processes their code, and three shellcode programs that can be used to control a Cisco router.

IRM researchers Gyan Chawdhary and Varun Uppal have taken a second look at Lynn's work. In particular, they took a close look at the way Lynn was able to circumvent an IOS security feature called Check Heap, which scans the router's memory for the type of modifications that would allow a hacker to run unauthorized code on the system.

They discovered that while Cisco had blocked the technique that Lynn used to trick Check Heap, there were still other ways to sneak their code onto the system. After Lynn's disclosure, Cisco "simply patched the vector," said Chawdhary. "In a sense the bug still remains."

By modifying one part of the router's memory, they were able to bypass Check Heap and run their shellcode onto the system, he said.

The researcher Lynn credited with making his own research possible, Felix "FX" Lindner, will also be talking about Cisco hacking at Black Hat. Lindner, head of Recurity Labs, plans to release his new Cisco forensics tool, called CIR (Cisco Incident Response), which he has beta tested for the past several months. There will be a free version, which will check a router's memory for rootkits, while a commercial version of the software will be able to detect attacks and perform forensic analysis of the devices.