I've posted this question on two forums (DD-WRT, Linux) with no response. It has to do with manufacturers forcing insecurity of wireless lans. It seems like no matter how much you want, you can't truly secure you're WLAN unless you use a minimal # of devices. Right now, I'm running WPA2/AES which two laptops, a Wii and a linksys camera can use and a wired server. All the kids have DSs which can only connect with WEP and I would like to set up RADIUS which would remove the Wii and camera. What I would like to do is buy a cheap wireless AP and set up WEP for the Wii, camera and DS (can these be hacked?). This AP would would limit traffic to/from its stations and "bridge" with the primary secure AP in such a way that the laptops and wired server would not be affected. Sort of like a petri dish, any bad thing created on the secondary AP could not escape. The secondary would have be to able to negotiate with RADIUS. I don't know if this is possible. Any ideas?

Thanks blackazarro

Yes, my opensource research skills are way underpar. I wasn't particulary supicious about the ip address except that it did not originate from my LAN or WAN. Snort is logging mostly stuff from my wifes windows laptop as well as stuff coming from the same network as my internet provider. I ignore these. I have been getting hit by chinese addresses and this one was not in the range of the three net ids that I am usually assigned by my ISP,

Anyway, thanks for not flaming me too hard. I should have dug deeper before  wasting the forums time and experience.