Abstract: Based on the analyses of characteristics and disadvantages of several routine attack guards against DDoS, along with the combination of pocket flow detection technology and the improved TCP Cookie technology, an attack guards pattern against SYN Flood is established in IPv6 Environment, which is called PDIF (Packet Detection and Intelligence Filter).By means of detecting whether the packet overflows the threshold, an attack can be analyzed and detected.An intelligence filter is realized by verifying the TCP access effectiveness of remote clients to implement pocket intercept and to let through normal traffic.Trial tests are conducted successfully in the laboratory.