If you're concerned that your NTP servers may have the monlist command enabled, and are therefore available for attackers to use in mounting these reflection attacks, there is a Nessus plugin to check for this: http://www.tenable.com/plugins/index.php?view=single&id=7178...
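
A local configuration check to complement a scanner, as an added example that is not part of the original text or of the Nessus plugin: it reads ntp.conf text and reports which of the two ntpd controls that stop monlist replies to unknown clients (`noquery` or `ignore` on the default `restrict` entry, and `disable monitor`) is missing. The sample configurations are constructed, the function names are hypothetical, and it assumes an unqualified `restrict default` covers both IPv4 and IPv6.

```python
"""Audit ntp.conf text for the settings that stop ntpd answering monlist."""

# Constructed sample configurations (not taken from any real host).
WEAK_CONF = """\
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
restrict default nomodify notrap   # no noquery: mode 7 queries are answered
restrict 127.0.0.1
"""
HARDENED_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
disable monitor
"""


def directives(conf_text):
    """Yield lower-cased token lists for each non-comment ntp.conf line."""
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].lower().split()
        if tokens:
            yield tokens


def monlist_findings(conf_text):
    """Return the missing controls; an empty list means both are in place."""
    monitor_off, limited_seen, default_lines = False, False, []
    for keyword, *args in directives(conf_text):
        if keyword in ("disable", "enable") and "monitor" in args:
            monitor_off = keyword == "disable"
        elif keyword == "restrict":
            # A 'limited' entry keeps the monitoring facility running even
            # when 'disable monitor' is present.
            limited_seen = limited_seen or "limited" in args
            if "default" in args:
                default_lines.append(args)
    findings = []
    # Assumption: an unqualified 'restrict default' covers IPv4 and IPv6.
    # With no default entry at all, unknown clients are unrestricted.
    if not default_lines or not all(
            "noquery" in a or "ignore" in a for a in default_lines):
        findings.append("default restrict entry lacks noquery/ignore")
    if not monitor_off or limited_seen:
        findings.append("monitoring facility is active")
    return findings


def monlist_exposed(conf_text):
    """True only when neither control is present for default clients."""
    return len(monlist_findings(conf_text)) == 2
```

Either control on its own is enough to stop replies to unknown clients, so a single finding is a hardening gap rather than an exposure; the check reads configuration only and does not replace probing the running service.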