kismet.Not sure what you mean about this part, maybe it ties in with the first one but any rate have a look at kismet. It is in BT
Is it possible to fake the 'WEP' string to fool monitor tools? Maybe its hardcoded in the WLan data stream itself... i don't know.
All wep is weak, as such there is no real way to harden it.If i have a weak WEP encryption only and i want to harden it by choosing an exotic subnet (without DHCP) an attacker would only have to wait until i connect to the AP to achieve the valid ip-range/subnet, right?
Hit back if you need more help.