Security Researchers at Symantec have spotted Network Time Protocol (NTP) reflection DDoS attacks being launched by cyber criminals during the Christmas Holidays. NTP is one of those set-it-and-forget-it protocols that is configured once and most network administrators don’t worry about it after that. The attackers are taking advantage of the monlist command in older version of NTP that sends the requester a list of the last 600 hosts who have connected to that server. On December 16, there were almost 15,000 IP addresses involved in the NTP DDoS attack.
Source: https://thehackernews.com/2014/01/Network-Time-Protocol-Reflection-DDoS-Attack-Tool.html