To be completely pedantic, a machine with no network services running is not necessarily
Most obviously, attacks can come in from compromised hosts you connect to. This is the most
common attack vector these days thanks to malware on websites.
Secondly, attacks can exploit vulnerabilities in the networking stack which can be tripped
without a connection succeeding. I can think of two: the ping of death, and that nice
information leak a while back where Linux was sending out Ethernet frames padded with random
uninitialized rubbish from kernel memory (which could of course contain private data).