Fair enough, though a decent NOC should still be able to see the abnormal flow on their network (200 million modems doing constant NTP or DNS lookups with no return flow *should* throw a few alarms).

As to how to mitigate that, I'm not sure. You can't just cut off NTP or DNS, and rate limiting is not going to help much due to the amplification. Any of the obvious solutions (redirect to ISP servers only, block outgoing, blocking IPs with outgoing requests but no incoming data) will either create massive privacy and security problems or result in the helldesk phones ringing off the hook with justified "can't browse" complaints.

It's almost like trusting a third party to develop business critical software might be a bad idea, no?
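As an added illustration of the NOC-side check the first paragraph describes (this is example code written for this page, not anything the commenter or an ISP posted), the sketch below runs over a handful of constructed NetFlow-style records and flags customer-side addresses that send many UDP/53 or UDP/123 requests but receive almost no replies. The record layout, the `min_requests` and `max_reply_ratio` thresholds, and the 10.0.0.0/8 and documentation-range addresses are all assumptions chosen for the example:

```python
from collections import defaultdict
from dataclasses import dataclass, field

UDP = 17
AMPLIFIER_PORTS = {53: "dns", 123: "ntp"}   # the two services the post names


@dataclass(frozen=True)
class Flow:
    """One unidirectional NetFlow/IPFIX-style record (field set is an assumption)."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int


@dataclass
class SourceStats:
    requests: int = 0            # packets this address sent to UDP/53 or UDP/123
    replies: int = 0             # packets it got back from UDP/53 or UDP/123
    servers: set = field(default_factory=set)


def summarize(flows):
    """Aggregate request and reply packet counts per address as seen on the wire.

    Keying on the observed source address is deliberate: if a modem spoofs the
    victim's address, the victim's address shows up here as a source with
    requests and no replies, which is exactly the asymmetry we want to surface.
    """
    stats = defaultdict(SourceStats)
    for f in flows:
        if f.proto != UDP:
            continue
        if f.dport in AMPLIFIER_PORTS:          # client -> resolver/NTP server
            s = stats[f.src]
            s.requests += f.packets
            s.servers.add((f.dst, AMPLIFIER_PORTS[f.dport]))
        elif f.sport in AMPLIFIER_PORTS:        # server -> client reply
            stats[f.dst].replies += f.packets
    return stats


def reply_ratio(s):
    return s.replies / s.requests if s.requests else 0.0


def suspicious_sources(flows, min_requests=100, max_reply_ratio=0.05):
    """Return {address: (requests, replies, servers)} for high-volume, reply-less senders.

    min_requests keeps a single host whose resolver just went down from paging
    anyone; max_reply_ratio tolerates the occasional stray reply. Both values
    are illustrative, not tuned numbers.
    """
    flagged = {}
    for src, s in summarize(flows).items():
        if s.requests >= min_requests and reply_ratio(s) <= max_reply_ratio:
            flagged[src] = (s.requests, s.replies, sorted(s.servers))
    return flagged


# Constructed sample records, not real telemetry.
SAMPLE_FLOWS = [
    # ordinary customer: every DNS query gets an answer
    Flow("10.0.0.5", "192.0.2.53", UDP, 40111, 53, 12),
    Flow("192.0.2.53", "10.0.0.5", UDP, 53, 40111, 12),
    # modem hammering an NTP server with nothing coming back
    Flow("10.0.0.7", "198.51.100.123", UDP, 123, 123, 500),
    # same modem's normal web traffic, ignored because it is TCP
    Flow("10.0.0.7", "203.0.113.10", 6, 51000, 443, 800),
    # DNS-heavy sender that sees only a trickle of replies
    Flow("10.0.0.9", "192.0.2.53", UDP, 33333, 53, 300),
    Flow("192.0.2.53", "10.0.0.9", UDP, 53, 33333, 5),
    # busy but healthy host: replies roughly match requests
    Flow("10.0.0.11", "192.0.2.53", UDP, 34567, 53, 150),
    Flow("192.0.2.53", "10.0.0.11", UDP, 53, 34567, 140),
    # reply-less but too quiet to clear the volume threshold
    Flow("10.0.0.13", "198.51.100.123", UDP, 123, 123, 20),
]


if __name__ == "__main__":
    for src, (req, rep, servers) in sorted(suspicious_sources(SAMPLE_FLOWS).items()):
        print(f"{src}: {req} requests, {rep} replies, targets={servers}")
```

Note that the check is per sending address, not per server: the NTP or DNS server itself still sees a perfectly healthy request/response pattern, so counters on the server side will not show anything. Lowering `min_requests` turns the quiet sender in the sample into a hit, which is the kind of false positive that makes the thresholds matter.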

