Sybil attack is a destructive attack in wireless sensor networks, where a node illegitimately takes on multiple identities. Some scholars focus on how to defense against Sybil attack if the attackers launch selective forwarding attack. However, threat of network lifespan caused by Sybil attack is ignored. In this paper, we demonstrate that network lifespan is possible to be shortened by Sybil attackers and then we put forward a countermeasure against Sybil attack based on RSSI ranging and data flows monitoring. First, we detect suspicious nodes (we call them as node M and node N) if all of their common neighbors find node M and N have the same distance to them. Second, a suspicious node will be marked as Sybil node if its data flow is abnormal according to criterion. Simulation results show that proposed secure mechanism can effectively detect Sybil nodes with a misdetection rate of 6.7% and a false alarm rate of 3.3%. Additionally, proposed security scheme extends the network lifespan by 26.3%.