SYN flooding currently accounts for 70% to 80% of all attacks, and IP spoofing is the usual way it is carried out, so preventing SYN attacks that use spoofed source addresses has become a research focus. Taking Red Hat 5.0 as the platform and combining it with the RED (Random Early Detection) algorithm, this work designs and implements a packet-filtering firewall that resists SYN attacks. Under mild and moderate attack the firewall computes a drop probability for each incoming packet; when a packet is dropped it is recorded in a hash table, and the host then waits for the client to retransmit its TCP connection request, using that retransmission to check whether the source IP address is genuine. Analysis and experimental verification show that the firewall achieves good throughput while passing a high proportion of legitimate packets. Under heavy attack, the firewall falls back to RED's random packet dropping alone.
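The following is an added illustration of the mechanism the abstract describes, written for this page; it is not the paper's firewall code, which is not reproduced here. It models the three regimes in user space: below the RED minimum threshold every SYN passes; between the thresholds a SYN is dropped with RED's linearly ramped probability and remembered in a hash table keyed by the connection 4-tuple plus the client's initial sequence number (key choice assumed), so that the retransmission a real TCP stack sends after its retransmission timeout is recognised and admitted, while a spoofed source, which never received the dropped SYN's fate, never retransmits and its entry simply expires; at or above the maximum threshold only RED's random drop is applied and nothing is recorded. The thresholds, weights, timeouts and the constructed traffic mix are assumptions chosen for the example.

```python
"""RED-based SYN filter with retransmission check (added example, not the paper's code).

Thresholds, the EWMA weight, the timeouts and the key layout are assumed values.
"""
import heapq
import itertools
import random
from dataclasses import dataclass

MIN_TH = 20               # avg half-open count below which nothing is dropped (assumed)
MAX_TH = 60               # avg at or above which the filter is in the "severe" regime (assumed)
MAX_P = 0.5               # drop probability reached at MAX_TH (assumed)
EWMA_W = 0.25             # RED exponential-average weight (assumed)
RETRANS_WINDOW = 6.0      # s: how long a dropped SYN is remembered; real stacks retransmit within ~1-3 s
HALF_OPEN_TIMEOUT = 30.0  # s: lifetime of a half-open entry that never receives its ACK (assumed)

PASS, PASS_VERIFIED, DROP = "pass", "pass-verified", "drop"


@dataclass(frozen=True)
class Syn:
    src_ip: str
    src_port: int
    dst_port: int
    seq: int  # client ISN; a genuine retransmission repeats it unchanged


class SynFilter:
    def __init__(self, seed=1):
        self.rng = random.Random(seed)
        self.avg = 0.0          # RED moving average of the half-open backlog
        self.half_open = {}     # key -> time the SYN was admitted, awaiting the third segment
        self.pending = {}       # hash table: key -> time the SYN was dropped, awaiting retransmission
        self.stats = {PASS: 0, PASS_VERIFIED: 0, DROP: 0}

    @staticmethod
    def key(p):
        return (p.src_ip, p.src_port, p.dst_port, p.seq)

    def _expire(self, now):
        self.half_open = {k: t for k, t in self.half_open.items() if now - t < HALF_OPEN_TIMEOUT}
        self.pending = {k: t for k, t in self.pending.items() if now - t < RETRANS_WINDOW}

    def drop_probability(self):
        """RED: 0 below MIN_TH, linear ramp to MAX_P at MAX_TH, then a 'gentle' ramp to 1 at 2*MAX_TH."""
        if self.avg < MIN_TH:
            return 0.0
        if self.avg < MAX_TH:
            return MAX_P * (self.avg - MIN_TH) / (MAX_TH - MIN_TH)
        return min(1.0, MAX_P + (1.0 - MAX_P) * (self.avg - MAX_TH) / MAX_TH)

    def severe(self):
        return self.avg >= MAX_TH

    def on_syn(self, p, now):
        self._expire(now)
        k = self.key(p)
        # RED averages the queue on each arrival; the "queue" here is the half-open backlog.
        self.avg = (1.0 - EWMA_W) * self.avg + EWMA_W * len(self.half_open)
        if k in self.pending:
            # The source retransmitted the SYN we dropped earlier. A spoofed address never
            # learns that its SYN was lost, so a matching retransmission marks the IP as genuine.
            del self.pending[k]
            return self._admit(k, now, PASS_VERIFIED)
        if self.rng.random() < self.drop_probability():
            if not self.severe():
                self.pending[k] = now  # mild/moderate: remember the drop so the retry can be matched
            self.stats[DROP] += 1      # severe: plain RED drop, no bookkeeping for the table to fill
            return DROP
        return self._admit(k, now, PASS)

    def _admit(self, k, now, verdict):
        self.half_open[k] = now
        self.stats[verdict] += 1
        return verdict

    def on_ack(self, p):
        """Third handshake segment arrived: the connection is no longer half-open."""
        self.half_open.pop(self.key(p), None)


def simulate(n_spoofed=400, n_legit=50, rate=100.0, seed=1):
    """Constructed traffic: a spoofed flood at `rate` SYN/s (random sources, never retransmit)
    interleaved with legitimate clients that retransmit the identical SYN after 1 s, give up
    after three retries and complete the handshake as soon as they are admitted."""
    rng = random.Random(seed)
    f = SynFilter(seed)
    tick = itertools.count()  # unique tiebreaker so the heap never compares Syn objects
    events = []
    for i in range(n_spoofed):
        src = ".".join(str(rng.randrange(1, 255)) for _ in range(4))
        pkt = Syn(src, rng.randrange(1024, 65536), 80, rng.getrandbits(32))
        heapq.heappush(events, (i / rate, next(tick), pkt, False, 0))
    for i in range(n_legit):
        pkt = Syn(f"10.0.0.{i + 1}", 40000 + i, 80, rng.getrandbits(32))
        heapq.heappush(events, (i * n_spoofed / (rate * n_legit), next(tick), pkt, True, 0))
    legit_ok = 0
    while events:
        t, _, p, legit, attempt = heapq.heappop(events)
        verdict = f.on_syn(p, t)
        if not legit:
            continue
        if verdict == DROP:
            if attempt < 3:
                heapq.heappush(events, (t + 1.0, next(tick), p, True, attempt + 1))
        else:
            legit_ok += 1
            f.on_ack(p)
    return f, legit_ok


if __name__ == "__main__":
    flt, ok = simulate()
    print(f"legitimate clients connected: {ok}/50, spoofed half-open left: {len(flt.half_open)}")
    print("verdicts:", flt.stats, "final RED avg: %.1f" % flt.avg)
```

Running the simulation shows the trade-off the abstract claims: while the average backlog sits between the thresholds, a legitimate client that is randomly dropped is admitted on its first retransmission, so the legitimate pass rate stays high even though spoofed SYNs are being thinned out; once the flood pushes the average past MAX_TH the filter stops recording drops and legitimate clients compete with the flood under plain RED, which is the cost of keeping the hash table bounded under a heavy attack.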