My oldest daughter has a Nintendo DS (not the DS Lite or the DSi, just the DS). In order to be able to connect to the internet, the DS can only use WEP encryption.

I think Nintendo needs more security consultants...
http://www.nintendo.com/consumer/wfc/en_na/ds/wrWEPkeyHelp.jsp#hex_ascii

So since WPA (supported on the DSi) and WPA2 are not possible, what can I do in order to have a "secure" connection to my wireless router?

I have thought about many different things, like MAC address filtering and stuff like that, but nothing that can't be hacked in less than 10 minutes...  

Other than only plugin my wireless router when she needs it and change the password every single time she uses it (which is quite anoying...), I can't think of anything else...

Any ideas?

Depending on the hardware...

DD-WRT lets you have a primary interface and virtual wireless interface.

You can set up the regular one for WPA2 or what you like and have the sub interface set for wep. You can create rules on the device to segment the traffic as best as it can.

You could also turn on and of the virtual interface as she needs it.

You can also create a file of passwords and have the device change it everytime you log in (scripting with ssh).

Probably disjointed reply, but hope it gives you some ideas. Good luck.

Humm... Thanks for your advices!

Unfortunately, both my wireless routers (WBR-2310 and DIR-655) are not supported by DD-WRT... But maybe I can buy a third one just for the sake of playing with it. I bet I can find a cheap one easily...

That's a great idea chrisj, but I cannot do any special configurations on the DS. But I keep that in mind for a laptop!

I guess there's no way I can have a secure connection...

But what about this, without any human intervention once it is set up:

I use one Wireless Access Point with WPA2 for my laptops so I don't have to worry about anything for regular stuff.

Then I use another one with WEP and MAC address filtering. The one with WEP will be on a separate LAN with only access to an handful of web sites, like Nintando update and maybe two or three more. I could limit access to this AP when my daughters are around (like 7:00am to 7:00pm).

So an hacker who easily breaks WEP and MAC filtering would end up having access to the Nintendo update web site and nothing else (including on my own network).

Other manual things I could do (some not that great, but still not that bad):

1) I could also have an IDS who would alert me as soon as something looks suspicious. I would then change the password.

2) Change the password every day or so

3) Turn the AP off when I don't use it

What do you guys think of this?

What about setting up two routers? yours uses wireless and has WPA2, one port on the router hooks into her router on the WAN port and hers is configued for WEP.

Just an Idea.

SephStorm's idea might work... if you have the ability to do Access Lists or firewall it off. Then if it has net-access only, and can't run around internal network (different ip address range?) it might be a workable solution for you.