If you've port scanned your public IP(s) and there are zero open ports, then you only have to worry about bugs in the TCP/IP stack, services listening on UDP, and intentional backdoors (which shouldn't happen but keep popping up). If there are exposed ports, then there's even more attack surface.
Edit: actually I forgot the likes of UPnP, so that's not exhaustive.
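A TCP scan that shows zero open ports says nothing about UDP listeners or UPnP, the two gaps the comment names. The following is an added example, not part of the original comment: it parses the Linux `/proc/net/udp` table (a constructed sample is embedded, and a little-endian host is assumed) and lists UDP sockets bound beyond loopback, labelling UDP 1900 as SSDP, the UPnP discovery port. The function names are hypothetical.

```python
import ipaddress
import struct

# Constructed sample in Linux /proc/net/udp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  10: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1001
  11: 00000000:076C 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1002
  12: 0A00A8C0:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1003
"""

# Well-known UDP ports worth a label; 1900 is SSDP, used for UPnP discovery.
NOTES = {1900: "SSDP (UPnP discovery)"}


def parse_local(field):
    """Decode 'HEXIP:HEXPORT' from /proc/net/udp into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # Assumption: little-endian host (x86, most ARM); the kernel prints the
    # address as a native-endian 32-bit word.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def non_loopback_udp(proc_net_udp):
    """Return (address, port, note) for UDP sockets bound beyond loopback.

    These are candidates a TCP port scan never sees; whether each is reachable
    from outside still depends on the firewall or NAT in front of the host.
    """
    found = []
    for line in proc_net_udp.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].endswith(":"):
            continue  # header or blank line
        ip, port = parse_local(fields[1])
        if ip.is_loopback:
            continue
        found.append((str(ip), port, NOTES.get(port, "")))
    return found


if __name__ == "__main__":
    for addr, port, note in non_loopback_udp(SAMPLE):
        print(f"udp {addr}:{port} {note}".rstrip())
```

On a live Linux host, pass the contents of `/proc/net/udp` to `non_loopback_udp` instead of `SAMPLE`; IPv6 sockets are listed separately in `/proc/net/udp6` and are not handled here.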