There are a variety of very effective methods...
however I find this one works the best...
Go to the Head of the IT department.. get permission to turn firewall off.
Walk up to console.. shutdown firewall.
No seriously.. can you be more specific about why you need this information. Its kinda like asking "Hey how do you kill smoeone in 5 ways with your bare hands".. I could tell you, but would it be ethical ?
Crashing a system is always much easier than
1. Working around it
2. Exploiting it.
Any system has a finite amount of resources it can draw on (RAM, CPU, Disk space etc)... if you can quantitatively exhaust any or all of these, some operation ceases and you win.
TCP/IP makes life easier. You can use the protocol with complete anonymity if you are not interested in getting anything back from a connection.
Consider a situation where a stateful inspection packet filtering firewall has to handle a million different connections from spoofed source IP addresses, each of these sending heavily fragmented packets that it needs to reassemble. This uses processor time and vast quantities of RAM.
If you want an example of something like this at a very simple level, google for the recent bug in zonealarm that caused it to crash (and take the system with it) when it was forced to process a massive number of random UDP packets.
Of course thats a tiny personal firewall.. but the bigger they are, the harder they fall.