That hasn't deterred the latest crop of security researchers.

Two months ago Core Security researcher Sebastian Muniz showed new ways of building hard-to-detect rootkit programs for Cisco routers, and this week his colleague, Ariel Futoransky, will give a Black Hat update on the company's research in this area.

Also, two researchers from Information Risk Management (IRM), a security consultancy based in London, plan to release a modified version of the GNU Debugger, which gives hackers a view of what happens when Cisco IOS software processes their code, and three shellcode programs that can be used to control a Cisco router.

IRM researchers Gyan Chawdhary and Varun Uppal have taken a second look at Lynn's work. In particular, they took a close look at the way Lynn was able to circumvent an IOS security feature called Check Heap, which scans the router's memory for the type of modifications that would allow a hacker to run unauthorized code on the system.

They discovered that while Cisco had blocked the technique that Lynn used to trick Check Heap, there were still other ways to sneak their code onto the system. After Lynn's disclosure, Cisco "simply patched the vector," said Chawdhary. "In a sense the bug still remains."

By modifying one part of the router's memory, they were able to bypass Check Heap and run their shellcode onto the system, he said.

The researcher Lynn credited with making his own research possible, Felix "FX" Lindner, will also be talking about Cisco hacking at Black Hat. Lindner, head of Recurity Labs, plans to release his new Cisco forensics tool, called CIR (Cisco Incident Response), which he has beta tested for the past several months. There will be a free version, which will check a router's memory for rootkits, while a commercial version of the software will be able to detect attacks and perform forensic analysis of the devices.

This software will give networking professionals like Fischbach a way to go back and look at the memory of a Cisco device and see if it has been tampered with. "I think there's a use for it," he said. "To me, it's part of the toolkit when you do forensics, but it's not the only tool you should rely on."

There are still major barriers for any Cisco attacker, Stewart says. For example, many attackers are reluctant to hack routers, because if they make a mistake, they knock out the entire network. "We sort of get a pass because no one wants to monkey with the infrastructure that they're using," he said. "It's like screwing up the freeway while you're trying to go to a different city. "

Though Cisco may not have any major security worries right now, Stewart is taking nothing for granted.

In fact, he also admitted that his company has been lucky so far and he knows that could change if enough people like Lindner start working on the problem. "We've got time," he said. "We've got the opportunity to be better, and we should continually invest on lowering the attack surface."