The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the “other side” of an interleaved association causing the victim ntpd to reset its association.
Remove the "xleave" option from the "peer HOST xleave" lines in your ntp.conf if it exists, to entirely disable interleaved mode.