The “monlist” command of the NTP protocol is currently abused in a DDoS reflection attack. This is done by spoofing packets from addresses to which the attack is directed to. The ntp installations itself are not target of the attack, but they are part of the DDoS network which the attacker is driving. It is therefore necessary to restrict ntp configurations to not answer spoofed “monlist” requests. It is not necessary to update the ntp software itself.
To ensure that your ntpd installation can not participate in a DDoS attack, add the following line to your configuration: restrict default noquery