Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common? , (Sat, Aug 22nd)

I’m glad you asked. I’m always interested in trends and reviewing the activity capture by my honeypot over this past week, it shows that no matter what port the RDP service is listening on, a specific RDP string (Cookie: mstshash=) might be sent to any ports to find out if it is listing for this service. Here are some examples: 

Article Link: