In order to avoid NTP reflection attack , you need to disable the monlist command support or this can also be fixed by updating NTP to 4.2.7

vi /etc/ntp.conf

restrict -4 default nomodify nopeer noquery notrap restrict -6 default nomodify nopeer noquery notrap # allow NTP messages from the loopback address, useful for debugging restrict 127.0.0.1 restrict ::1 # server(s) we time sync to server pool.ntp.org driftfile /etc/ntp.drift