In this example an attack is launched from the server mars to the server venus.
The usernames and passwords files have been trimmed to only use 16 usernames
and 9 passwords.

  mars:> ./fastbrute venus
  fastbrute ver 0.50a
  Started...  (Loaded 16 usernames, 9 passwords)
  tried 0
  FOUND: bfuser4 pass3
  tried 24
  tried 48
  tried 72
  tried 96
  tried 120
  Finished.

It has found a pair "bfuser4/pass3", a dummy account that was created 
to confirm that the attack is working. While this has been running, 
in another window we check what is happening on the network,

  mars:> snoop -ta port 21
  Using device /dev/hme (promiscuous mode)
  13:27:44.34323      venus -> mars       FTP R port=53884 530 Login incorrect.
  13:27:44.34372       mars -> venus      FTP C port=53884 USER bfuser1\nPASS p
  13:27:44.35921      venus -> mars       FTP R port=53884 331 Password require
  13:27:44.40029       mars -> venus      FTP C port=53884 
  13:27:44.50319      venus -> mars       FTP R port=53882 530 Login incorrect.
  13:27:44.50369       mars -> venus      FTP C port=53882 USER bfuser2\nPASS p

We can see it is working.
On venus we check if this attack has been noticed,

  venus:> tail -5 /var/log/messages
  Oct 24 13:27:45 localhost ftpd: mars: connected: IDLE 
                                   [7389]: failed login from mars [192.168.1.1]
  Oct 24 13:27:45 localhost ftpd: mars: connected: IDLE 
                                   [7389]: failed login from mars [192.168.1.1]
  Oct 24 13:27:45 localhost ftpd: mars: connected: IDLE 
                                   [7389]: failed login from mars [192.168.1.1]
  Oct 24 13:27:45 localhost ftpd: mars: connected: IDLE 
                                   [7389]: failed login from mars [192.168.1.1]
  Oct 24 13:27:45 localhost ftpd: mars: connected: IDLE 
                                   [7389]: failed login from mars [192.168.1.1]

It has, confirming ftpd is reporting this attack correctly.

Does your ftp server correctly report brute force attacks?
This tool can help you check.
