ZoneAlarm firewall runs on this host. This version contains a flaw that may allow a remote attacker to bypass the ruleset. The issue is due to ZoneAlarm not monitoring and alerting UDP traffic with a source port of 67. This allows an attacker to bypass the firewall to reach protected hosts without setting off warnings on the firewall.
Upgrade at least to version 2.1.25