I opened a ticket with JTAC about this same vulnerability on our EX4600 core. They pointed me to this
This vulnerability has been described on security bulletin JSA10613: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&actp=METADATA and PR 1234119 https://prsearch.juniper.net/PR1234119
They said the best way to mitigate this is a firewall rule, here is what they wrote
If a possible attack has been identified, or if the NTP process is occupying a large amount of CPU or memory resources, the most effective mitigation is to apply a firewall filter to allow only trusted addresses and networks, plus the router's loopback address, access to the NTP service on the device, rejecting all other requests. For example:
term allow-ntp {
from {
source-address {
<trusted-addresses>;
<router-loopback-address>;
}
protocol udp;
port ntp;
}
then accept;
}
term block-ntp {
from {
protocol udp;
port ntp;
}
then {
discard;
}
}
This term may be added to the existing loopback interface filter as part of an overall control plane protection strategy. In general, security best practices recommend having such a filter term, even during normal operation.