One of the students on our trip to Barcelona brought along a Linksys wireless AP/router. We have been able to connect this to the internet connection already established at La Ciutat, our hostel, which is all wired, and is only used in the 2 offices and 1 public access computer in the lobby. The range is such that only some of the rooms can receive the signal, but the lobby and whole first floor get a pretty good signal.
One day, a few people noticed someone who was obviously not with our group using a laptop in the lobby. We saw what website he was on, and we were able to look at all the traffic that was currently being sent over the network. Using a protocol analyzer, we were able to determine that he was in fact using our network, and were even able to get his IP address and MAC address. Most available APs have a built-in function that lets you filter by MAC address, and this can be done normally open or normally closed. We were able to add this person's MAC address to the list of banned cards, and he immediately lost access.
This network also does not use DHCP, for a variety of reasons. Therefore, this person either had a high level of technical knowledge and was able to deduce the correct configuration, or was given the WEP key and IP configuration settings, which is more likely.
This story shows a few things. One, we were able to see exactly what pages this person was viewing, and once his IP address was known, the packets could even be filtered to only those going to or coming from that particular address. Two, it shows the security of MAC filtering, since once that person's MAC was filtered out, he lost access. What he did not know is that if he had simply changed his MAC address, which most cards allow, he could have restored his access. Lastly, this shows quite well the weakest part of any security system: the users. The person who gave this unauthorized user access made all of the security mechanisms worthless, because they gave out all the needed information to someone they barely knew. Social engineering is a powerful tool used by hackers and con artists of all types.
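Because a banned MAC can simply be replaced with a new one, the ban is worth backing up with a check on what the protocol analyzer keeps seeing afterwards. The following is an added example, not part of the original story: it audits observed (MAC, IP) pairs against an inventory of known stations, which is feasible here because the network uses static addresses rather than DHCP. The inventory, the denylist, and every address are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit observed (MAC, IP) pairs against a static-IP inventory.
# Every address below is constructed sample data.

INVENTORY = {                        # known stations: MAC -> statically assigned IP
    "00:11:22:33:44:01": "192.168.1.10",
    "00:11:22:33:44:02": "192.168.1.11",
}
DENYLIST = {"00:aa:bb:cc:dd:99"}     # MACs already banned on the AP

# (source MAC, source IP) pairs as exported from a protocol analyzer
OBSERVED = [
    ("00:11:22:33:44:01", "192.168.1.10"),
    ("00:AA:BB:CC:DD:99", "192.168.1.50"),   # banned station, seen before the ban
    ("02:aa:bb:cc:dd:99", "192.168.1.50"),   # same IP, different MAC
    ("00:11:22:33:44:02", "192.168.1.11"),
]

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a software-assigned (non-vendor) MAC."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(observed, inventory, denylist):
    """Return (mac, ip, reasons) for every observation that needs a closer look."""
    macs_per_ip = {}                 # ip -> set of MACs seen using it so far
    findings = []
    for mac, ip in observed:
        mac = mac.lower()            # normalise case before any comparison
        reasons = []
        if mac in denylist:
            reasons.append("denylisted MAC")
        elif mac not in inventory:
            reasons.append("MAC not in inventory")
        elif inventory[mac] != ip:
            reasons.append("known MAC on unexpected IP")
        if is_locally_administered(mac):
            reasons.append("locally administered MAC")
        seen = macs_per_ip.setdefault(ip, set())
        if seen - {mac}:             # this IP was already used by another card
            reasons.append("IP previously used by another MAC")
        seen.add(mac)
        if reasons:
            findings.append((mac, ip, reasons))
    return findings

if __name__ == "__main__":
    for mac, ip, reasons in audit(OBSERVED, INVENTORY, DENYLIST):
        print(mac, ip, "; ".join(reasons))
```

The locally administered bit is only a hint, since many current phones and laptops randomize their MAC addresses by default and set that bit themselves.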
