NTP requests sometimes exceed the threshold that individuals consider abusive. There is no consensus on what that threshold rate is. There is also no consensus on the throttling mechanism: total block, rate-limit, …
I’ve worked with a few folks in the NTP Pool to investigate high rate NTP requests. Another example is the “1N14” clients. Most of the “abusive” sources seem to be bugs, or lazy/inconsiderate clients. One such example is simultaneously restarting hundreds / thousands of VMs but pointing the time requests traffic to a single NTP pool server. [The admins should configure a local stratum 2+ server instead.] But these probably not intended to crash the NTP server.
The most prominent malicious attack that I am aware of is the monlist vulnerability in the reference NTP distribution. This was fixed years ago. I’d also classify NTP reflections as a potential problem.
This is not a simple discussion. Being based on unauthenticated UDP, NTP is inherently vulnerable to abuse. Some operators favor aggressive rate limiting. Some people see NTPsec as the answer. I don’t have a good solution, so I study the abusive traffic (tcpdumps) and lobby with the responsible party for remedies. Sadly, it is often impossible to identify or communicate with the responsible party.