setup the route to only handle preset MAC addresses .. you will find the mac address in the your Network Connections in windows

Dave

I discovered recently that it's possible to fake/clone mac addresses.

Kaled.

I discovered recently that it's possible to fake/clone mac addresses.

That's certainly possible. Most network adapters today have configurable MAC addresses. They have a built-in one, but it's possible to override it. In Windows, it can be as simple as using the control panel applet or notification area applet that came with the network adapter driver.

However, somebody would first have to know what MAC address to set. The router doesn't "advertise" the MAC addresses that it accepts, and they aren't sent over the air in the clear (i.e. without encryption) assuming that encryption is properly set-up.

IMHO - The folks most likely to bother with trying to gain access through your router - and have the skills to do it - aren't likely to bother with it unless there's a reasonable reward for their efforts. Your neighbors are more likely to try (if broadcast mode is enabled) but as was noted, they'd need to know your MAC address.

WEP key encryption on $50 Linksys router can be cracked in less than a half hour.

Requiring specific MAC addresses adds security but they can also be grabbed from the air by someone who knows how to do it.

You are safe from the average person in your neighborhood if you are buying off the shelf wireless equiptment at the local computer store. You aren't so safe from a 17 year old neighbor with some time on his hands, moderate technical skills, and who considers cracking your wireless a fun challenge.

Use WPA for security, with a relatively long (~25 characters, but the more the better) random key. The only attack vector on WPA that I am aware of is a dictionary attack on poorly chosen keys. Make sure to change the key whenever someone leaves the company.

You could then also set it up to only accept a preset list of mac addresses, though that doesn't really add much security, for reasons already mentioned.

WEP is a joke. Don't use it.

1) Turn off network ID broadcasting (SSID)
2) Turn on WEP or WPA
3) Turn on MAC address control
4) Accept you've done all you reasonably can, that your network is as secure as it can be, but it can still be hacked by someone with the time, skills and inclination!

0) Change the administrator password for your wireless router to something other than the default.
.
.
.
5) Ensure that your laptops / PCs only connect to your wireless router and not neighbouring unsecured networks.
6) If your router allows it, reduce the signal strength to operate in a more sensible range.
7) If you are still worried, there are some reasonably priced WLAN network monitoring devices, which can alert you to new wireless devices in your vicinity.
8) Send all of your cables to cable heaven.
9) Forget you ever heard the word hacker.
10) Pour yourself a drink, lean back in your sun lounger, relax and / or scrutinize your campaigns.

11) Get yourself a copy of NetStumbler to check out what else is around in your neighbourhood, if only so that you can then get your kit on a different channel to them.

Most people seem to leave their kit with default SSID, default channel, default username, and god knows what default else.

12) If all your kit uses only 11b or 11g or something else, then limit connections to just that one type.