Important Information Regarding NTP Vulnerability (CVE-2016-9310)
A security vulnerability regarding the NTP service (CVE-2016-9310) has been identified where an unauthenticated remote attacker can bypass the legitimate monitoring and trigger DDoS (Distributed Denial of Service) attacks.
Even though the impact caused by this vulnerability on Synology NAS is limited, Synology is now working on a DSM 6.0 update to address this vulnerability for precautionary purposes.
Synology's default configuration of NTP service is not vulnerable to CVE-2016-9310.
Enable the firewall to allow NTP traffic for trusted devices only.
Synology will release a DSM 6.0 update (6.0.2-8451-5) to address this issue in the coming weeks.