It seems thata hosts sending large amounts of NTP traffic over the public Internet can be safely filtered if you don't already know that it's one of the handful that's in the ntp.org pools or another well known NTP master.
Speaking as one of the 3841 servers in the pool.ntp.org pool, I'm happy to be described as a "handful," something my mother used to say, but I do feel obligated to point out that it's a pretty big handful especially if you want to be fiddling ACLs on an hourly basis which is pretty much what it takes. And, of course, if you're one of that handful, then you've pretty much got to allow that NTP traffic in, although you're also probably, hopefully, clue-full enough not to let random hosts make you a DDoS accelerator. (the other) jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 jms@Opus1.COM http://www.opus1.com/jms