FTP Access Probe?

[FKnobbe () HOME COM (Frank Knobbe.)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

On June 15 I had someone FTP into my server at home and create a
directory called '. 21122115p' in my Incoming directory (anon has
write access. It resides on an isolated partition). The user logged
in anonymously with password 'guest () here com' and came from IP
216.209.63.32. I didn't think much of it until I saw the same
behavior on my commercial server a day later. Again anonymous login
with 'guest () here com' but from a different IP address
(212.95.78.113). He tried to create similar files (. xx121516p [as in
. 59121516p, . 53121516p, etc.]) in the public directory,
unsuccessfully.

Since my server at home (@home network) and my commercial server
(regional DSL provider) are on completely different ISP's/subnet, I
assume other network have been probed as well.

I'm assuming the scanner was probing for write access on directories
one level below the root dir. Any known tool to do that?

Regards,
Frank

PS: Strangely, on the second day on my commercial server he tried to
login as 'anonymous () ftp microsoft com' first before logging in as
'anonymous' with password 'guest () here com'.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBOU1T00RKym0LjhFcEQKHEgCg+/a0bOjyvgoYtxlgoNRo70NGdwwAoJmB
pTGewxLxkjjkADnaC3sFpkPy
=+T4h
-----END PGP SIGNATURE-----