yup. l0pht made one called "antisniff" or something. 
another one I just found on packetstorm;

http://packetstorm.securify.com/UNIX/IDS/neped.c
http://packetstorm.securify.com/UNIX/IDS/neped-libnet.tar.gz

possible that the users machines have been compromised. moral of the story, NEVER assume any machine (at either end) are not monitoring your actions in one way or another.
install ssh. disable ftp, or switch the ports. :>