Hi Folks,
I am more interested to know, what is keeping the CPU busy. So please get the below data from the box.
1 HOUR with snapshot for every 5 seconds
top -s 5 -d 720 -n 100 >> /var/tmp/top.txt &
There is a security bulletin for NTP server amplification denial of service attack; however you Junos will have the fix for the same.
2014-07 Security Bulletin: Junos: NTP server amplification denial of service attack (CVE-2013-5211)
Do you have a loopback filter in your box?
If a possible attack has been identified, or if the NTP process is occupying a large amount of CPU or memory resources, the most effective mitigation is to apply a firewall filter to allow only trusted addresses and networks, plus the router's loopback address, access to the NTP service on the device, rejecting all other requests. For example:
term allow-ntp {
from {
source-address {
<trusted-addresses>;
<router-loopback-address>;
}
protocol udp;
port ntp;
}
then accept;
}
term block-ntp {
from {
protocol udp;
port ntp;
}
then {
discard;
}
}
This term may be added to the existing loopback interface filter as part of an overall control plane protection strategy. In general, security best practices recommend having such a filter term, even during normal operation.