I know it's a long time, but I'm cleaning up old NTP bugs atm. While it is true that the comments could (have been) be more explicit the risk of being part of a DRDoS attach has been fixed upstream. See http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.1.3.
Recent releases have these versions (or newer), therefore setting fix released. ** Changed in: ntp (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1263703 Title: Warn on noquery in ntp.conf Status in ntp package in Ubuntu: Fix Released Bug description: The "restrict" row comments of the default /etc/ntp.conf configuration file should more explicity warn(!) against the dropping on "noquery" or similar options, because their removal might cause the server to become vulenrable to (become a party in) DoS attacks. Many admins have mistakenly removed the block, thinking they have either enabled the server to be queried from the subnet in question or made it more usable by doing so. This resulted in a number of reflection attacks via NTP we have been seeing in the past few days. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1263703/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp