What can you do with my IP/drawbacks to simple domain foward

[linksLarry]

Naive question in title. I tried searching about IP addresses, security threats, ect.

My guess is you could continually ddos me, using tons of bandwidth and causing my isp to drop/overcharge me; which is why I need to study more before publicly launching my domain from an RPi from a friends house right?

Am I missing something, could you get root somehow or figure out more about me? My guess here is you could get my city and isp, but with dhcp probably not my name without a warranrt (well, from the isp anyway, any 3rd party site I've visited in the clear may have more with cookies, limiting java has to help I think ....)

TL;DR Pretend I'm an idiot (not a huge ask), how stupid would it be to foward a domain name directly to my isp, set up port fowarding, and post content publicly and why. Asking for a friend of course he he.
_________________
Moo

[NeddySeagoon]

linksLarry,

Does your ISP permit you to host servers or do they block well known ports incoming?
Many domestic ISPs block the required ports because few customers want them and even fewer know what they are doing, so it saves them a lot of trouble.

You can often still run servers on non-standard ports but that's not so useful.

I expect you have a dynamic public IP. The IPv4 address space is full, so ISPs time share public IPs because there is not enough to go round.
When you connect, you get an IP. When you disconnect, it goes back into the pool to be allocated to another customer.

Some of the more parsimonious ISP (mobile networks especially) don't even give you a public IP. They run NAT.
Its not possible to host servers when your boundary does not have a public IP.

The dynamic IP problem can be overcome with services like noip. That's not a recommendation. I've been with my ISP for 20 years. When I signed up they said would you like one static IP or a block of 8. As it was the same price ...

As the IPv4 address space if full, you will get port scanned and lots of other probes.
Set up key based ssh access only. sshd will still do the password dance be reject every password, so that it does not give away that passwords don't work.
Keep everything up to date.
Do not run any services that you don't need. (The wider you open the window, the more the dirt blows in)
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[linksLarry]

[NeddySeagoon]

linksLarry,

It's not a case of scraping all of IPv4. Its full. Whatever random public IP you try, will find something, well almost.

Running a non Intel/AMD system helps a bit. The 'script kiddies' assume that everyone is using that, so the shell code fails.
Static websites are safer than dynamic, as there is no dynamic content generation engine to attack.

I rent a whole server in a data centre and divide it up into KVMs, so one KVM, one task.
Its almost all Open Source support related. I post links into it here and on the Wiki too.
There is no such thing as security by obscurity.

No security is perfect either. Your main objective is to make it clear to would be attackers that there are easier targets and they should leave you alone.
Think XKCD.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.