The invention discloses a method for defending against SYN flood attacks, based on a Bloom filter and an open-source kernel. The method comprises the following steps: (1) determining whether the system is under a SYN flood attack; (2) building a Bloom filter structure; (3) updating the trusted IP address and TTL data in the kernel layer and starting kernel-layer packet filtering; (4) having the kernel layer filter TCP SYN packets against the trusted IP address and TTL records; and (5) stopping kernel-layer packet filtering. The method has the following advantages: (1) the original Bloom filter structure, in which a single bit array serves multiple hash functions, is replaced by a structure in which each hash function has its own bit array, which effectively reduces the false-positive rate and improves the efficiency of storing and looking up packets while preserving accuracy, so the method can effectively defend against SYN flood attacks; and (2) cooperative processing that combines the kernel layer and the user layer of an open-source operating system resolves the problems that the kernel layer is efficient but unsuited to running complex programs, while the user layer is not tightly coupled to the kernel protocol stack, so packet-processing efficiency is improved.
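
The structure described in the abstract, one bit array per hash function holding trusted (source IP, TTL) records that SYN packets are checked against, sketched in C as an added example; it is not code from the patent. The hash function, the constants `K` and `M`, and all function names are assumptions, and the sample address is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define K 4            /* hash functions = bit arrays (assumed count) */
#define M (1u << 16)   /* bits per array (assumed size) */

/* One bit array per hash function, as the abstract describes. */
struct pbf { uint8_t bits[K][M / 8]; };

/* Seeded 32-bit mixer (MurmurHash3 finalizer); an assumed stand-in hash. */
static uint32_t mix(uint32_t x, uint32_t seed) {
    x ^= seed * 0x9e3779b9u; x ^= x >> 16; x *= 0x85ebca6bu;
    x ^= x >> 13; x *= 0xc2b2ae35u;
    return x ^ (x >> 16);
}

/* Bit index inside array i for one (source IP, TTL) record. */
static uint32_t slot(uint32_t ip, uint8_t ttl, uint32_t i) {
    return mix(ip ^ mix(ttl, i + 1), i + 1) % M;
}

/* Step 3: record a trusted (IP, TTL) pair, one bit in each array. */
void pbf_add(struct pbf *f, uint32_t ip, uint8_t ttl) {
    for (uint32_t i = 0; i < K; i++) {
        uint32_t b = slot(ip, ttl, i);
        f->bits[i][b / 8] |= (uint8_t)(1u << (b % 8));
    }
}

/* Membership test: the pair is trusted only if every array has its bit set. */
int pbf_has(const struct pbf *f, uint32_t ip, uint8_t ttl) {
    for (uint32_t i = 0; i < K; i++) {
        uint32_t b = slot(ip, ttl, i);
        if (!(f->bits[i][b / 8] & (1u << (b % 8)))) return 0;
    }
    return 1;
}

/* Steps 4-5: 1 = pass the SYN, 0 = drop; filtering applies only under attack. */
int syn_verdict(const struct pbf *f, uint32_t ip, uint8_t ttl, int under_attack) {
    return !under_attack || pbf_has(f, ip, ttl);
}

int main(void) {
    static struct pbf f;                /* zero-initialised */
    pbf_add(&f, 0xC0000201u, 64);       /* constructed sample: 192.0.2.1, TTL 64 */
    printf("%d %d\n", syn_verdict(&f, 0xC0000201u, 64, 1), syn_verdict(&f, 0xC0000201u, 250, 1));
    return 0;
}
```

Because the TTL is part of the stored record, a SYN that carries a trusted source address but arrives with a different TTL fails the lookup during filtering.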