Unfortunately, I'm not a security expert, so I really can't tell you how to correct this. About all I can do, is offer a few more questions, that might help you to chase this dowm.
(same or similar with Mint and Arch)
You did not specify if Mint and Arch are on the same box, I assume they are. If they are, I'll assume they are loaded into different partitions (I don't think they'd work otherwise). So my next question would be, where is /home located? Do you share the same /home between both distros on the same box? If so, you may discover some nefarious programs somewhere in /home.
Edit: I blocked some with "hosts" and everything still works fine.
Again you didn't specify, so I'll assume you're referring to hosts.deny
I'm not entirely sure about this, but I think hosts.deny will only stop incoming traffic from those hosts, it will not stop any outgoing traffic from "your" host to another. You may not have stopped anything being sent outbound, only your ability to see what is coming back. I'd keep looking for a solution, if I were you.
and set up the firewall to block all incoming, allowing only 192.168.1.0/24/tcp. I think that will block anybody from the internet from connecting to my computer. Is this assumption correct?
You did not address any UDP connections, so you haven't blocked everything. Also, I think that once a connection is established outbound, by your box, it will maintain that connection, even though others have been blocked. So in otherwords, no your assumtion is not correct. If you had restricted everything to just "your" network, the 192.168.1.x, you would not have been able to make your second post for a follow up question.
If there is something in your box, establishing an outbound connection (virus, whatever), that connection should be maintained until your box no longer needs it. So, you really need to determine what is causing the connection to be established in the first place.