A more general solution is to install rate limiting policies for NTP, SNMP and CHARGEN at the border router. This lets you keep and use useful services while preventing them from being used in amplification attacks. -- Rich P.