What attack has been detected if ICMP echo requests are received for the entire range of IP addresses on the external subnet?

The detection of ICMP echo requests being sent to the entire range of IP addresses on an external subnet indicates a Ping Sweep attack. This type of attack is characterized by the systematic sending of ICMP echo requests, commonly known as "ping" requests, to multiple hosts on a network in order to discover which hosts are active and responsive.

The primary goal of a Ping Sweep is to identify live nodes on the network, which can then be targeted for further attacks. By probing multiple IP addresses, the attacker can map out the network and determine potential vulnerabilities or entry points.

In contrast, a SYN Flood attack involves overwhelming a target system with SYN requests as part of trying to initiate a TCP connection, aiming to exhaust the system's resources. A Port Scan refers to probing a specific host to find open ports and services running, rather than sending requests across a range of addresses. A Man-in-the-Middle Attack typically involves intercepting communications between two parties without their knowledge, which does not align with the behavior described in the question.

Thus, the presence of ICMP echo requests aimed at a broad range of IPs clearly points to a Ping Sweep methodology employed by the attacker.