Oh come on!!! After we finally start to fix the DNS reflector exploits, we now have to deal with NTP?!

In a nutshell, to test, enter this command:
ntpdc -n -c monlist 127.0.0.1
If you get anything useful as a reply, you should fix your server.

To fix, add this to your /etc/ntp.conf:
disable monitor

Full article:
https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300

Scary part: It seems that possibly Juniper routers enable an old ntp server together with the ntp client. Yes… that means exactly *that* 🙁