The remote host is running XDMCP. This protocol is used to provide X display connections for X terminals. XDMCP is completely insecure, since the traffic and passwords are not encrypted. An attacker may use this flaw to capture all the keystrokes of the users using this host through their X terminal, including passwords. Also XDMCP is an additional login mechanism that you may not have been aware was enabled, or may not be monitoring failed logins on.