There’s only been a single casualty that I know of, and that is the virtualized domain controller. The earliest is a complete article on practical article of the virtualized domain controller series.
I didn’t talk about virtualized domain controllers at all in the first article, which I have since revised.
Each NTP server responds with a list of the last 600 clients, which is significantly larger than the original request (one 40-byte-long request generates 18252 bytes' worth of response traffic).
This leads to a significant amount of UDP traffic, which an attacker can direct to any destination.
We need to create a custom firewall extension to open that port. Basically you need to create a custom XML configuration file in the directory /etc/vmware/firewall, e.g.
I recommend that you stop using ESXi altogether, or disable the NTP service and accept the fact that the time will be inaccurate.
Since that IP address does not belong to any VM and is actually assigned to the VMware ESXi host itself, I started my investigation.
As it turned out, by scanning the Internet address space, attackers gathered a list of NTP servers that allow querying their status.
So I can understand people considering an exception and wanting to run an ESXi host as an NTP server - it is a very lightweight service anyway ...
Now back to the question ..., and the answer is: Yes, it is.