Does the FTP service allow passive connections?
I was playing around in the registry, looking for odd things, and found this strange entry under System\CurrentControlSet\Services\MSFTPSVC\Parameters: EnablePortAttack: REG_DWORD: If set to 1, you can do passive connections depending on the TCP port you use. A passive connection is where you can connect to FTP site alice.com, and from there connect to site bob.com. It is used by hackers because any odd connections at bob.com will appear in logs as coming from alice.com. Most typical is a port scan. A port scanner for doing this from a Unix box can be found at Packetstorm.