Our filers have been used in a large scale NTP reflection attack. I can not find any documentation on how to restrict or turn off monlist queries. options.timed doesn't seem to handle that part of the config
Any one have ideas?
Paraphrased from my support case,
Due to the way ONTAP works, there is no ntp.conf file and so the fix will have to be an ONTAP patch.
As a workaround either disable NTP until a fix is released, or block port 123/udp with a firewall.