eliminating multicasts to reduce false positives

[Juan Fernandez <Juan.Fernandez () deltathree com>]

HI,

 

I read in intrusion detection with snort from jack koziol that it is a good
idea to eliminate multicasts on the mirrored port that the sensor is
installed.

 

I have a cisco 2900 switch Is it possible to do this ? ( I mirror the
firewall port in the dmz ). I mean disable the multicasts on the mirrored
port and them mirror it).

 

What are the consciences of disabling multicasts anyway?

 

Thanks !!!

 

Juan