I have a firewall, that filters almost all of my open ports.. It may be better just to stop the appropriate services that require these porst, but I didn't find how to. Today when I nmaped myself I got the following:
What is that 1387 port? What is cadsi-lm? Where did it appeared from!?

Do you really require finger, sunrpc? I would suggest you disable those services.

How? By commenting them in /etc/services? Will that really disable them?
Btw, after reboot the strange port didn't appear.. strange..

yes and by checking your rc.X and removing them...also

cadsi-lm 1387/tcp Computer Aided Design Software Inc LM
cadsi-lm 1387/udp Computer Aided Design Software Inc LM

not sure if a trojan runs on these also but this is what that port is known for.

One thing to keep in mind. The ports over 1024 are often dynamically assigned, meaning that any number of services could be using that port. Nmap simply uses a list of common port assignments to designate which service is using that port (unless you have recently upgraded to the brand new version of nmap). It could very well have been something like an established ssh or http connection. If you continue to see that port open after subsequent reboots or other strange activity, then you should be concerned. If your still paranoid about rootkits, try running chkrootkit.

Also, using nmap to scan yourself isn't the most reliable way to check your security, try using nmap from another machine outside your LAN for a more accurate scan.