From c229031521f910e8b8d5d016929c4c3e7113e6be Mon Sep 17 00:00:00 2001
From: Patrick Pacher
Date: Tue, 11 Aug 2020 15:44:46 +0200
Subject: [PATCH] Retext block reason in domain heuristics
---
 firewall/master.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/firewall/master.go b/firewall/master.go
index a662663c..3989057d 100644
--- a/firewall/master.go
+++ b/firewall/master.go
@@ -315,7 +315,7 @@ func checkDomainHeuristics(ctx context.Context, conn *network.Connection, _ pack
 domainToCheck,
 score,
 )
- conn.Block("Possible data tunnel")
+ conn.Block("possible DGA domain commonly used by malware")
 return true
 }
 log.Tracer(ctx).Infof("LMS score of eTLD+1 %s is %.2f", etld1, score)
@@ -335,7 +335,7 @@ func checkDomainHeuristics(ctx context.Context, conn *network.Connection, _ pack
 domainToCheck,
 score,
 )
- conn.Block("Possible data tunnel")
+ conn.Block("possible data tunnel for covert communication and protection bypassing")
 return true
 }
 log.Tracer(ctx).Infof("LMS score of entire domain is %.2f", score)
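Review bot: The reason passed to `conn.Block` in the eTLD+1 branch is an inline literal, and after this change the two heuristic branches can only be told apart by matching free text. If block reasons are shown to the user or filtered on elsewhere (not visible here), a named constant would keep the wording stable, e.g. `const reasonPossibleDGA = "possible DGA domain commonly used by malware"` with the comment `// reasonPossibleDGA is the block reason set when the LMS score check on the eTLD+1 trips.` The same applies to the `conn.Block` call in the second hunk. checkDomainHeuristics starts and ends outside both hunks.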
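Review bot: "protection bypassing" in the new reason for the whole-domain branch reads awkwardly for a string that presumably ends up in front of whoever triages the block. `conn.Block("possible data tunnel for covert communication and bypassing of protections")` says the same thing more plainly. The reason also omits the score that triggered it. The `domainToCheck, score,` arguments just above look like the tail of a log call, so a comment on the `conn.Block` line pointing to that log entry would help with false-positive triage, e.g. `// domain and LMS score are in the log entry above`.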