source: http://www.securityfocus.com/bid/1137/info

Certain versions of Zone Labs personal Firewall have a vulnerability which allows malicious users to port scan the firewall without being detected. In particular if the port scan originates from source port 67 on the attacking host the ZoneAlarm fails to register the attack.

nmap -g67 -P0 -p130-140 -sU <targethost>