On Feb 3, 2014, at 3:29 PM, John R. Levine <johnl@iecc.com> wrote:
It seems thata hosts sending large amounts of NTP traffic over the public Internet can be safely filtered if you don't already know that it's one of the handful that's in the ntp.org pools or another well known NTP master.
Speaking as one of the 3841 servers in the pool.ntp.org pool, I'm happy to be described as a "handful," something my mother used to say, but I do feel obligated to point out that it's a pretty big handful especially if you want to be fiddling ACLs on an hourly basis which is pretty much what it takes.
I was thinking that the ntp.org servers on any particular network are a small set of exceptions to a general rule to rate limit outgoing NTP traffic.
www.pool.ntp.org allows any NTP operator to opt-in to receive NTP traffic should their clock be available and accurate. - Jared