Abstract: SYN flood is a common denial-of-service attack. It exploits the fact that establishing a TCP connection requires a three-way handshake: a large number of illegitimate first-handshake (SYN) packets are sent to the target, which causes a large number of TCP connections in the SYN_RCVD state to build up on the target, so that the target cannot establish normal TCP connections. This paper first describes the process of establishing a TCP connection and then proposes a proxied ("agency") three-way handshake to solve the problem of over-consumption of resources. It is proved that this method can reduce the harm of the SYN flood attack.
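The symptom the abstract describes, many connections stuck in SYN_RCVD on the target, can be checked from the Linux socket table. The following is an added example, not code from the paper: it parses text in `/proc/net/tcp` layout and flags local ports with many half-open sockets. The sample rows are constructed, and the function names and thresholds are illustrative assumptions.

```python
from collections import Counter

# Linux state codes from include/net/tcp_states.h
TCP_ESTABLISHED, TCP_SYN_RECV = 0x01, 0x03

# Constructed sample in /proc/net/tcp layout (addresses and inodes are made up).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100000A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100000A:0050 010113C6:C001 03 00000000:00000000 01:00000064 00000001     0        0 0
   2: 0100000A:0050 020113C6:C002 03 00000000:00000000 01:00000064 00000001     0        0 0
   3: 0100000A:0050 030113C6:C003 03 00000000:00000000 01:00000064 00000002     0        0 0
   4: 0100000A:0050 040113C6:C004 03 00000000:00000000 01:00000064 00000002     0        0 0
   5: 0100000A:0050 0A00000A:D431 01 00000000:00000000 00:00000000 00000000    33        0 1002
   6: 0100000A:0016 0B00000A:E2F0 01 00000000:00000000 02:000001F4 00000000     0        0 1003
   7: 0100000A:0016 0C00000A:E2F1 03 00000000:00000000 01:00000064 00000000     0        0 0
"""

def parse_rows(text):
    """Yield (local_port, state) per socket row; skip the header and malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        try:
            port = int(fields[1].rsplit(":", 1)[1], 16)  # local_address is HEXIP:HEXPORT
            state = int(fields[3], 16)
        except (IndexError, ValueError):
            continue
        yield port, state

def syn_recv_by_port(text):
    """Count sockets in SYN_RCVD per local port."""
    return Counter(port for port, state in parse_rows(text) if state == TCP_SYN_RECV)

def suspect_ports(text, min_half_open=3, min_ratio=2.0):
    """Ports whose half-open count is high both absolutely and relative to established."""
    established = Counter(p for p, s in parse_rows(text) if s == TCP_ESTABLISHED)
    flagged = []
    for port, half_open in syn_recv_by_port(text).items():
        if half_open >= min_half_open and half_open >= min_ratio * max(established[port], 1):
            flagged.append(port)
    return sorted(flagged)

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(syn_recv_by_port(SAMPLE), suspect_ports(SAMPLE))
```

On a production host the thresholds need tuning against the normal ratio of half-open to established connections for each service.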