It is annoying and disrupting to see duplicate IP in the LAN. We can use Microsoft RogueChecker.exe to check for any un-authorize DHCP server on the network. RogueChecker.exe has last updated on 2009 but it can run from Win 8 as well.
This application can also be configured for schedule checks.
Rogue detection tool is a GUI tool that checks if there are any rogue DHCP servers in the local subnet.
Following are the features with this application:
1. It run one time or can be scheduled to run at specified interval.
2. Can be run on a specified interface by selecting one of the discovered interfaces.
3. Retrieves all the authorized DHCP servers in the forest and displays them.
4. Ability to validate (not Authorize in AD) a DHCP server which is not rogue and persist this information
5. Minimize the application, which makes it invisible. A tray icon will be present that would display the status.
Download RogueChecker.exe from http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-26-09-62/RogueChecker.zip
Configure your switch for DHCP snooping feature.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Note: I believe other branded switches should have similar feature as Cisco