I have a number of openSUSE VMs (mostly 13.1). One of the VMs is configured to sync its time with the outside world, the other ones sync with this one. This has never caused problems (that I am aware of).
Now I noticed that ntpd on the outside-connected VM causes about 9% CPU load (permanently!) and makes connections to 15+ hosts causing outbound traffic of about 100K/s and inbound traffic at a little lower level (all from/to my UDP port 123) – which even continues (now for several minutes) after I have stopped ntpd and there is no such outbound traffic any more.
I had configured ntpd to the pool address de.pool.ntp.org but that does not make a difference.
I made a distro upgrade (booting from DVD) and afterwards even reinstalled ntp without any change.
Edit: problem "solved"
After I have blocked incoming UDP 123 completely ntpd acts normally. I still don't understand what may have caused this. It should not be possible to connect to this VM port from the outside. There is no port forwarding in the VDSL router.
But: A few minutes ago I sent a UDP packet to port 123 from the Internet and (whyever) the VDSL router passed it to the VM. If I repeat that now then the packet does not reach the VM any more. Maybe that was a strange NAT side effect of the many UDP 123 connections.
I am going to block this traffic except for the intended servers.
