I know this is a serious long shot, but here we go.

In the past week or so, for users connected to a particular switch in our network (there are four dumb switches all connected, and it only affects SOME, not all, users on the one switch) are getting DHCP addresses from a rogue DHCP server.

I have physically checked every cable plugged into the switch in question to make sure that none of them have a router or wifi point attached to it. I know the IP of the DHCP server, but I cannot ping it, and it does not have a web interface.

Does anyone have any suggestions on what I can do to locate it or shut it down? Unfortuantely all the switches are unmanaged, and as mentioned, there's no physical device (that I can find) plugged in to anything.

It's getting critical, because it's screwing up the PXE boot of a whole bunch of thin clients.