There have been widespread DDoS attacks on the Internet within the last few weeks relating to NTP. The bad guys are looking for NTP servers that respond to a small packet with a large amount of return traffic, referred to as amplification. Because NTP is UDP-based, the object is to spoof the victim's source address and send a flood of small trigger packets to several vulnerable servers, which then flood the victim with massive amounts of data, overwhelming the ultimate target network.
I'm not sure of the exact interpretation of the Adtran error message. It may mean that the TA904 is receiving the results of an attack directed towards it, or that it or a device behind it is being probed for vulnerability.
You can query your network for vulnerable servers here, substituting your network's IP for x.x.x.x. http://openntpproject.org/search2.cgi?botnet=yessir&search_for=x.x.x.x
This will respond with a list of known vulnerable devices within the /22 of the IP in question.
Bottom line, unless you need a device on your network to act as a time server to outside hosts (and you probably don't), deny inbound UDP traffic with a destination port of 123 from entering your network.
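An added example, not part of the original post: a small classifier over edge flow records that separates the two cases discussed above, an internal host answering outside NTP queries with much larger replies versus an internal host receiving NTP replies it never asked for. The flow tuple layout, the 192.0.2.0/24 internal prefix, the byte counts and the 10x ratio threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

NTP_PORT = 123
INTERNAL = ip_network("192.0.2.0/24")  # assumption: stands in for your own prefix

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, 234),     # small query from outside
    ("192.0.2.10", 123, "198.51.100.7", 40000, 44000),   # much larger reply leaving
    ("192.0.2.20", 51000, "203.0.113.5", 123, 76),       # internal client asks for time
    ("203.0.113.5", 123, "192.0.2.20", 51000, 76),       # and gets its answer
    ("203.0.113.50", 123, "192.0.2.30", 80, 46800),      # replies nobody requested
    ("203.0.113.51", 123, "192.0.2.30", 80, 46800),
]

def classify(flows, internal=INTERNAL, min_ratio=10.0):
    """Return {internal_host: {labels}} for UDP/123 flows crossing the edge."""
    req_in = defaultdict(int)    # (internal, external) -> bytes of inbound queries
    resp_out = defaultdict(int)  # (internal, external) -> bytes of outbound replies
    resp_in = defaultdict(int)   # (internal, external) -> bytes of inbound replies
    queried = set()              # (internal, external) pairs where the inside asked
    for src, sport, dst, dport, size in flows:
        src_in = ip_address(src) in internal
        dst_in = ip_address(dst) in internal
        if src_in == dst_in:
            continue  # only traffic that crosses the edge is of interest
        if dst_in and dport == NTP_PORT:
            req_in[(dst, src)] += size
        elif src_in and sport == NTP_PORT:
            resp_out[(src, dst)] += size
        elif src_in and dport == NTP_PORT:
            queried.add((src, dst))
        elif dst_in and sport == NTP_PORT:
            resp_in[(dst, src)] += size
    findings = defaultdict(set)
    for pair, sent in resp_out.items():
        if req_in.get(pair) and sent / req_in[pair] >= min_ratio:
            findings[pair[0]].add("amplifier")          # replies dwarf the queries
    for pair in resp_in:
        if pair not in queried:
            findings[pair[0]].add("reflection-target")  # unsolicited NTP replies
    return dict(findings)

if __name__ == "__main__":
    print(classify(SAMPLE_FLOWS))
```

Dropping inbound UDP with destination port 123 at the edge removes the "amplifier" case entirely; it does not stop reflected replies aimed at you, which arrive with source port 123.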
Thanks for posting. Just to add to Jay's response above, we do have a feature which may be beneficial to you. In all firmware versions, we should be able to block NTP using an access-policy or an access-group on the interface. However, in versions R10.7.0 and higher, we have an NTP access class. Below is an example configuration.
ip access-class standard NTP_Servers
permit host x.x.x.x
ntp ip access-class NTP_Servers in
This will restrict NTP inbound to the unit to only those IP addresses specified in the ACL.
I think the first line should be:
ip access-list standard NTP_Servers
Does this also help SNTP server attacks? I did not see any AOS option for "sntp ip access-class"