rpciod and ports 799/800 udp

["J. J. Horner" <jhorner () 2JNETWORKS COM>]

My machine is trying to listen on udp ports 799 and 800.  The only process
still active is rpciod and it won't die.  Does anyone know if this matches
an m.o. of a known rootkit?  I have udp 799 and 800 blocked at my firewall,
but I'd like to know what is going on.  These ports do not list an owning
process when running 'netstat -tupan'.

Thanks,
--
J. J. Horner
jjhorner () bellsouth net
System has been up: 30 days.