Once you connect to the Gnutella network, you advertise your IP address to other Gnutella clients. Those Gnutella clients will forward it to others upon request. This is how others you might have never connected to before are able to connect to you now.

When you disconnect from the Gnutella network, your IP address will still "float" around among other Gnutella client. They are held in a cache. These caches do expire after a certain amount of time, so they won't hold your IP address forever. For some, it's just a few minutes, for others, it may be a few days.

The issue here, is when your IP address is about to expire at one Gnutella client (say, it only has 10 seconds left to live), but another client requests more IP addresses, your IP address will now be in another one's cache, who may again store it for another period of time as a "fresh" IP address. And so on, and so on. So it may take a while before your IP address is completely out of the Gnutella network.

But for that reason, you will keep receiving incoming Gnutella connect requests, which may appear as "pings" in ZoneAlarm or other firewalls, because your client's isn't up and running (thus the system needs to report it as "closed", or in your case, filter the request out). That may appear as a hack attempt, while in fact it is not.

Now, this isn't something considered high-priority for most developers to solve. However, with the intruduction of some new extension within Gnutella itself, a proposal might come forth that adds a "freshness" or "age" tag to your IP address, so it can be removed from the network if it is getting "old" - ensuring it will be removed faster than currently done.