That only works on "switch" level mostly, on a modern network you also are likely to trigger on your own switches since they run in a pseudo-promiscious (usually marketed as IP Helper, Broadcast Helper, Broadcast Redirect, DNS Helper etc.) mode to facilitate DNS and other protocols that rely on broadcasts to pass through the switch (or VLAN) boundary.
This is however more in relation to intrusion detection not active countermeasures.
This is however more in relation to intrusion detection not active countermeasures.