Running a service on an alternate port is generally extremely easy to do and has several benefits:
1) It makes it easy to pick out the serious attackers. If you run SSH on 34985/TCP for example and start getting password brute force, you've got an idea it's a targeted attack, whereas on 22/TCP you get hammered by dumb bots all the time.
2) If someone is slamming round as fast as possible popping boxes with an 0-day they'll likely only bother with default ports (e.g. SMB worms, they compromised a lot of systems, but only on default ports)