So going through this it appears you don’t like it, it doesn’t make you happy, and then at the end the issue for not liking and being unhappy is contained in the following comments:
<quote>
I know that by obscuring my IP doesn’t make me secure, but if you don’t know my address then you can’t burgle me.
</quote>
<quote>
On a final note it concerns me due to the fact profiling is a lot easier. Say I post my ssh config up and it has a blatant error. No one responds but Mr Malicious decides he doesn’t like me it is trivial to now use the exploit. Say you post that you’re going to use something a little dubious till a better fix to which there is a post about at the moment.
</quote>
If I’ve missed something material please let me know.
So there are a few reasons that none of this really concerns me, and I don’t really care about people knowing “my” IP address. First, let’s start out with the things that don’t matter. As a regular-old user on the world wide wait I pay my ISP to use one of their million IP addresses and those are given out to me whenever I power on my machine… except that it’s not really tied to my machine. Because I’m a regular old Joe-average user I have a little router that the phone/cable/fiber company gave me that lets me plug in two machines, and IT actually has the IP address that is publicly-accessible. Well, that’s not even entirely true all the time. The device from the phone/cable/fiber company often has the actual IP address and then puts everything including my own router and machines on a private network with a 192.168.x.x or 172.16.x.x or 10.x.x.x network.
Going along the same path the IP address that is “mine” isn’t really mine any more than a time share in Sun Valley, ID is “mine”. Sure, while I’m there you can find me there, but if your arbitrarily launch a missile there you’re not going to do me any damage unless runing my vacation plans in six months counts. IP address are typically static. Some ISPs let you get a static IP address so one is actually assigned except you until you leave and then it’s assigned to the next Joe-average user, but Joe-average users don’t get static IP addresses because there is no benefit in doing so. For those that do I’ll address that later. Because IP addresses are dynamic you can launch a virtual missile at me and you’re as likely to get the mayor across town as you are me, and even if you did happen to reach my “home” you would be attacking the poor little phone/cable/fiber box that the phone/cable/fiber company provided to me. Does that hurt me? Not really… I don’t care if it breaks that much since I’ll just get a new one (and a new IP address) and an attack from Mr. Malicious isn’t likely to set the box on fire (I’ve never heard of that happening outside sci-fi stories).
So that leads to slightly-more-relevant points. What if my IP address really is mine (you can check; it really is mine). What can I do with your IP address? Well, I can send packets to it just like every other attacker, botnet, and virus is already doing to it every hour of every day without your knowledge. Many of these will be filtered by your ISP, potentially, though let’s pretend that never happens. The rest of them will reach your cable/phone/fiber box and, since they are just unsolicited packets, immediately be sent to the bit bucket (/dev/null, a black hole, the garbage bin, and not the one that takes space); no lasting impact with that route. They could also send me e-mail… except my e-mail through my ISP doesn’t go to my IP address so that doesn’t help them. They could try to reverse-lookup my IP address and find out who my ISP is and realize I’m somewhere under xmission.com, though that doesn’t help much unless they have real missiles and then I’m going to die no matter how many IP addresses I hide behind. Pretty much everything you can do with an IP address that is malicious in a targeted way is already being done maliciously in an untargeted way (botnet, virus, etc.).
So what can you really do with an IP address? Not much. IF you change your default firewall settings AND put your box directly on the Internet then you may have a problem, but since this is really far from the default I’m going to have to agree that the poor sap deserves it. Putting a box directly on the Internet without knowing you are being attacked 24x7 is mindlessly arrogant (ironic) or ignorant (more likely). Running with a firewall that lets traffic into your box in a way that would let a malicious attacker do something is also insanely dumb. From the times I’ve been attached directly to the Internet with a full box that could get a LAN trace most of the attacks are geared toward microsoft OS’s (TCP 135, 137, 139, 445, etc.) and the majority of the rest are for worms specific to windows (already-infected boxes… we don’t care about those as they’re hopeless as is) or maybe a few standard ports for remote access (SSH, FTP, etc.). Since I’ve already stated putting your box directly on, and accessible by those on, the Internet and then opening ports is really dumb this isn’t much of a concern. Those who do so are either professionals or are going to be compromised by the random scanning bot before they have time to make somebody in a forum mad. For the IP address you have at work that may actually be a real IP address (like mine at work often is) you have an IT department with probably no less than a router and a firewall both protecting you.
Now let’s consider somebody who is truly malicious. I’ll play that part. “Dear FeatherMonkey, oh great helper of Linux people… I have a web server problem. I get a weird error that I can’t decipher when I go to http://www.mypage.com/getYourIPAddress.php that I can’t figure out. Could you please go there and tell me what it means? This is my first time ever with a server and I’m pretty sure this is just about working, but the error looks like I’m missing a comma or a quote or a conscience or something… Thanks in advance!!! Lol shame”
So being the generous person you are (caring about people who don’t know their IP addresses are available) you visit the link, see the error message that the malicious individual created to make it appear PHP is missing a close quote somewhere, and in the meantime they (as the 0wn3r of the site they attacked and control) now know your IP address. You’re back to your original point but without really having done anything and even if IP addresses weren’t posted on the forum. Thankfully you aren’t mindless and run a windows box without a firewall directly on the Internet, and if you did you wouldn’t be any worse off since you’d already have more viruses than, well, a lady of the night.
So is this a problem? I don’t think so. If you really expect anonymity everywhere you go online then you have to work at it just like in real life. IP addresses are not generally any one person’s like they are sometimes assigned to a given company so there is some degree of feeling “hidden” historically but that is an illusion without working at it and truly implementing something that hides you well is just less-understood. For somebody truly concerned about having their IP known they must go out of their way to use a technology that guarantees anonymity and in doing so usually are beyond the scope of your concern.
I’m sure there are some scenarios I’ve left out, but considering the prevalence of anonymous attacks at random to IP addresses all day every day I don’t think they matter any more than the notes made above.
Good luck.