95 percent of vulnerable NTP servers leveraged in massive DDoS attacks earlier this year have been patched, but the remaining 17,000 are still a concern. Attackers took advantage of a weakness in the Network Time Protocol (NTP) to send copious amounts of traffic to spoofed destinations. The latest version disabled the monlist feature, or MON_GETLIST command, which is used to synchronize time settings across computers, in the latest version of the NTP software. As of May, more than 2,000 remain that have the capability to launch attacks with 700x amplification.
Source: https://threatpost.com/dramatic-drop-in-vulnerable-ntp-servers-used-in-ddos-attacks/106835/