[Snort-users] eliminating multicasts to reduce false positives

Juan Fernandez Juan.Fernandez at ...2210...
Tue Nov 30 03:27:15 EST 2004



I read in intrusion detection with snort from jack koziol that it is a good
idea to eliminate multicasts on the mirrored port that the sensor is


I have a cisco 2900 switch Is it possible to do this ? ( I mirror the
firewall port in the dmz ). I mean disable the multicasts on the mirrored
port and them mirror it).


What are the consciences of disabling multicasts anyway?


Thanks !!!




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20041130/83a13daf/attachment.html>

More information about the Snort-users mailing list