Is there a good reason for someone to want a high volume of NTP requests? How do the owners of these servers not share more of the blame for sending so much data at a web server?
It should be straight forward to implement a protocol that each NTP server won't send data to the same ip more than once every 10 seconds regardless of the number of requests.
It's already been fixed. Newer version of NTP don't reply with more data than it gets sent, so you can't use the server for amplification. It's servers that have not been updated that are issues.
It should be straight forward to implement a protocol that each NTP server won't send data to the same ip more than once every 10 seconds regardless of the number of requests.