Shouldn't be difficult to block
About a year ago, my router logs showed a spate of 'sniffing' on the ports of my domestic FTP server; coming from IP addresses listed as being in China. The FTP server username and password are _not_ the equipment default values.
After a couple of days, the sniffing stopped - nothing to see here, move along; I suppose.