That's not such a bad idea, dropping the power to sections of the city or just unplugging sections of the network late at night. When you stop getting some sort of response from the device you can narrow it down. Done this before when we had a denial of service attack coming from an unknown device in a network of 10,000 users in the Asia Pacific region. In this case we had admin access to the various routers to isolate the subnets, but switching off hardware can do the same. Even if it's outside the city's jurisdiction, at least there is a trail to follow. It's not that hard to track down a device, but if in this case the business is functioning, maybe the cost of taking down parts of the system is not worth it, yet.