I have an 802.11b wireless network set up here, with an access point and a few clients, that I am using for testing. My objective is to find as many ways to break into it as I can.
With 802.11 there are very few security features; they include closing the system (only allowing access if you know the network name), WEP encryption, and access lists.
Finding out the network name is the easiest; hell, most wireless cards have a feature for scanning to find access points, and display the network name of any they find. So that's a no-brainer.
WEP encryption is also simple to break. I have a Linux box with a prism2 card and AirSnort, so I can break any WEP key; it only takes time.
The access list is the tough one. Basically, what it is is a list of the MAC addresses of machines that are allowed to pass data through the access point.
You can get a radio link, but cannot pass data through the AP. This creates one security hole: you can't pass data through the AP, but you can connect to other client devices associated to the AP.
Since the AP is a bridge, the access list functions on the MAC layer, so simply bouncing your packets off of a device that has access does not work.
I am guessing that what I would have to do is spoof the MAC address of a device that has access.

Is this possible?

I have been looking for any documentation I can on this and have not found anything useful.
I have Windows and Linux machines at my disposal, and can probably get whatever hardware I need to do this with.

Any suggestions?