Problem description
If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response.
Impact
If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.
Original advisory and solution
FreeBSD-SA-10:02.ntpd