I'm a student at UCONN. The admins in our shop use this piece of software called NetReg (orig. from Southwestern University [netreg.org]) to register all network enabled devices. Unregistered devices are thrown in a restricted 10.x.x.x subnet and forced to register before they are allowed to receive a dynamically assigned public IP address. To prevent network abuse via manually assigned static IP address, servers routinely scan the network for IP's not dynamically assigned and MAC address tied to public IP's that are not registered. In the event an unregistered device is discovered with a public IP, the admins shutdown the switchport and the student/faculty is forced to call our call center. This seems to prevent a lot of headaches.