NTP users are strongly urged to implement Ingress and Egress filtering through BCP38 to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see this Network Time Foundation Post for more information.