I've stated to people many times here WEP is not secure anymore. For doubters, here's a guide to cracking a WEP key on Tom's Hardware, a mainstream computer site. The goal of the article is to raise awareness that WEP won't protect you nearly as well as you may think! http://www.tomsnetworking.com/Sections-article118.php Unfortunately, the article doesn't discuss how to protect yourself. But here are some tips. 1. The best protection is the obvious. If you don't need wireless networking in your house, shut it off. 2. When purchasing wireless routers, NIC's, and access points, look for WPA encryption support, which offers superior protection. If you have WPA support on your current equipment, use it! If not, consider purchasing new equipment that does. 3. Separate your wireless LAN from the rest of your network with a firewall, and only allow traffic that's needed. 4. Use VPN encrypted connections with wireless clients. Keep them badies out of your network! :-) "People! Take to the streets and scream, 'BE REASONABLE!!!'"

In addition to the very useful tips, it is recommended to use static IP instead of DHCP. Keep your network as private as possible!

Wireless routers are so cheap now there's really no reason not to buy a WPA-capable model. It used to take days to crack a WEP key--now it takes 10 minutes. The way I think of wireless: no matter the security steps you take, you're basically offering a network cable to any computer within wireless range. A64 3500+ on Abit AN8

true and not true. If you use dhcp and do ip reservations [eg one ip address to one mac address of a pc on your network] there is no way anyone can get on your wireless network unless they can spoof your mac address. To spoof it they would have to capture that traffic and then wait until the unit was off before they could try getting to your network. I have a hard time thinking someone has the patience to intercept my wireless traffic just so they can get my mac address so they might be able to get on my wireless network. Then they would still have to get past my patched xp pro workstations and the other security precautions I have in place.

"If you use dhcp and do ip reservations [eg one ip address to one mac address of a pc on your network] there is no way anyone can get on your wireless network unless they can spoof your mac address." DHCP reservations that prevent more computers from getting on simply forces hackers to specify an IP manually as well as subnet mask, default gateway, and DNS servers, all information that could be figured out from captured traffic that was done to crack the WEP key in the first place. That is easier to do than cracking the WEP key, which by that point they already did! DHCP simply is not a requirement for network functionality, whether or not it's used in a network. Want proof? Run ipconfig, and plug the settings in manually in your NIC's settings, but change your IP to something outside of the DHCP address pool. Guess what? It works. Also, if you're thinking MAC address filtering could stop this, MAC address filtering only allows or disallows traffic based on MAC address access control lists, and it doesn't matter which IP address the devices use, or if DHCP is being used. If the MAC adddress in question is on the list, it works. If not, it doesn't. A hacker would simply specify a MAC address of a computer they know has access on the wireless LAN, and they're in, even if the MAC address they used is on a machine that's on with a different IP address at the same time. Changing your MAC address can be done within device manager!!! Again, this info is already in hand from the packet sniffing session done to crack the WEP key. "I have a hard time thinking someone has the patience to intercept my wireless traffic just so they can get my mac address so they might be able to get on my wireless network." Wardriving is a hobby! People are doing this simply for fun! Now factor in someone who might want to avoid paying for internet, so they use your wireless network. Someone may simply want to plant a keystroke logger to get your credit card info, passwords to bank accounts, etc. That seems worth it to me to do if I were a criminal. The only thing saving you right now is the sheer number of wireless LAN's setup by people who didn't even take basic precautions at all. Hackers go for low hanging fruit first, or in this case, wireless LAN's that are wide open, or use no encryption at all. "Then they would still have to get past my patched xp pro workstations and the other security precautions I have in place." Dude, I'm an MCSE, I like Microsoft products, don't get me wrong, but Windows XP patched to latest can be hacked relatively easily. I've seen it done with my own eyes. While keeping your machines patched is something you should be applauded for, I wouldn't bet the farm that would keep people out. And besides, they're still able to use up bandwidth anyway! "People! Take to the streets and scream, 'BE REASONABLE!!!'"

As an example I have 5 pcs. I have only 5 ip addresses in the available range configured on the router. I have ip to mac address reservations. Even if a hacker got the mac addresses they couldn't spoof until a machine got off the network and shutdown. Even if I change my mac address on my wireless pc I can't get on the wireless network. No ip address to give/get. If I set my ip address manually but in the ip subnet I can't get on. It's out of the range for the lan scope defined on the router. I am not saying that wireless traffic could not be captured or cracked. Use my wireless connection? Sure if a pc was off and the hacker could spoof the mac address. No single safeguard is totally effective. WPA is just another layer among many. I have found limiting the ip range and doing ip/mac reservations an additional layer often not thought of. It has proven effective in preventing casual wireless network access. As do all the other layers like WEP/WPA, etc.

We need to clear something up. "I have only 5 ip addresses in the available range configured on the router. I have ip to mac address reservations. Even if a hacker got the mac addresses they couldn't spoof until a machine got off the network and shutdown." Do you mean you only have 5 IP addresses for available DHCP scope? In other words, do you run a network such as 192.168.0.0 and your router has a DHCP server configured to lease only say 192.168.0.2 - 192.168.0.6? When you use the word "scope", that's what you're implying, but please correct me if I'm wrong. "People! Take to the streets and scream, 'BE REASONABLE!!!'"