Originally Posted by laserlight
I agree that what you say holds true most of the time. However, consider: an attacker might be specifically interested in your server, i.e., this attacker might not just be looking for an easy target. Furthermore, an attacker might have inside information, e.g., he/she was an ex-employee/friend turned enemy with some knowledge of your network configuration, including the non-standard port number.
It is not a terribly good analogy, but I might liken this to ciphers: a strong cipher provides secrecy even if it is known, whereas a weak cipher might only provide some measure of secrecy as long as it remains secret. A strong cipher that is not known would make an attacker's life even more difficult, but the strength of the cipher is independent of whether it is secret. In this case, I am arguing that the security of the server is independent of whether it is a likely target, although it is obviously good to avoid being a likely target.