November 21st, 2001
jblanchard
Novicius
 
Join Date: November 21st, 2001
Posts: 2

Thanks for the reply.
<Once a node makes a connection it may be in touch with thousands of other peers. These peers will regularly try and contact the host to download files or form new gnutella connections. If your firewall's blocking this they'll never get through.>

That could in theory cause a DOS unknowingly. Example: thousands of users start trying to contact a node behind a firewall that identified its IP as a sharer.
After that node shuts off, say later that day the hosts/peers decide to connect to that node and get /dev/null'd by the firewall, but they keep retrying until they get a deny or some other form of contact, or perhaps give up after say 4 attempts. While this is fine for less than 100 users, a thousand plus would saturate a T1 easily (luckily we have a DS3). Even though those are small packets of say 1k, when you multiply them by 1300 users = 1.3meg of needless traffic, times the retries etc. On Monday we calculated (at peak) 150K/sec (about 120 unique IPs, some continually attempting) of attempts to contact a broadcast IP on our net (still don't understand that, lol, .255 off of a /24). Anyhow, if you were to ask an ISP about that type of traffic it would clearly look like a DOS attempt. But still not sure what was behind the attempts; got over 8meg of syslogs with these attempts. We finally routed the traffic to one of our DMZs and set up a PC just to reply with a FIN then RST and they went away after several mins. We would have set up a xolox client there, but didn't know what protocol was behind port 6346 till just today.

Take Care
-Joe
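The post above describes sifting syslogs for retrying Gnutella peers (port 6346) and for attempts aimed at the subnet broadcast address. As an added example, not code from the poster or the forum, here is a small summariser for that kind of firewall log. It assumes netfilter-style LOG lines (SRC=/DST=/DPT= fields); the sample lines, addresses and the /24 are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample syslog lines in netfilter LOG format (assumed format,
# not the poster's actual logs). Source 203.0.113.10 retries the same host
# four times; 203.0.113.77 aims at the subnet broadcast address; the last
# line is unrelated SSH noise that must be ignored.
SAMPLE_LOG = """\
Nov 21 09:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.25 PROTO=TCP SPT=3211 DPT=6346 SYN
Nov 21 09:00:03 fw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.25 PROTO=TCP SPT=3211 DPT=6346 SYN
Nov 21 09:00:07 fw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.25 PROTO=TCP SPT=3211 DPT=6346 SYN
Nov 21 09:00:15 fw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.25 PROTO=TCP SPT=3211 DPT=6346 SYN
Nov 21 09:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=198.51.100.255 PROTO=TCP SPT=4455 DPT=6346 SYN
Nov 21 09:00:05 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=198.51.100.255 PROTO=TCP SPT=4455 DPT=6346 SYN
Nov 21 09:00:09 fw kernel: DROP IN=eth0 SRC=192.0.2.5 DST=198.51.100.25 PROTO=TCP SPT=4000 DPT=22 SYN
"""

# Pull the three fields we care about out of each dropped-packet line.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)")


def summarize_gnutella_drops(log_text, local_net="198.51.100.0/24",
                             port=6346, retry_threshold=3):
    """Count dropped connection attempts to `port` per source address.

    Returns unique source count, total attempts, sources that retried at
    least `retry_threshold` times (the "keep retrying" behaviour described
    in the post) and sources that targeted the subnet's broadcast address.
    """
    net = ip_network(local_net)
    per_src = Counter()
    broadcast_hitters = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group("dpt")) != port:
            continue  # not a Gnutella-port drop; skip
        src, dst = m.group("src"), ip_address(m.group("dst"))
        per_src[src] += 1
        if dst == net.broadcast_address:
            broadcast_hitters.add(src)
    retriers = {s: n for s, n in per_src.items() if n >= retry_threshold}
    return {
        "unique_sources": len(per_src),
        "total_attempts": sum(per_src.values()),
        "retriers": retriers,
        "broadcast_hitters": sorted(broadcast_hitters),
    }


if __name__ == "__main__":
    print(summarize_gnutella_drops(SAMPLE_LOG))
```

Point it at a real syslog extract and the retrier list tells you which peers are still hammering a host that no longer shares, which is the traffic the poster diverted to a DMZ box that answered with FIN/RST.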