Here are two great tools to help you detect and yes even stop rogue devices on your network.

1) arpwatch (external link) (cache), it will detect new ARP on the LAN and will alert you. This is simple way to find devices, but you need arpwatch on all your LANs. You can also download the RPMs on most Linux distributions, and if your system is missing that RPM you can get it from our sister companies RPM repository: Atomicorp Yum Repository (external link) (cache)

2) packet fence (external link) (cache) - a free NAC - ties into everything, very very powerful but easy to setup. This will detect and if you configure it, auto-quarantine systems if they dont meet certain security requirements.