The server motherboard I just bought has this as well. Thankfully access to it is at least isolated to a separate network port. I'm debating supergluing it closed or maybe physically disconnect the port somehow.
You may want to review that very carefully, typically if that separate network port doesn't have a live network on it that issues DHCP addresses the functionality will fall back to the port that is attached.
Oh fun. Thank you for the tip! Any sugestions on how to go about this? I'm a relative newb in these matters. Switching from MacOS to linux daily driver
Keep an eye on ports 16992-16995, 5900, 623, 664, and realize that packets destined for those ports may never become visible to the OS so you'll have to catch them in transit to the board. Another place to look at is what DHCP leases are issued by your DHCP server, conceivably the management engine could request an address for itself.
Also be aware of the sideband interface[1] available to the IPMI by checking the block diagram in your motherboard's manual. For instance, here's AsrockRack's X470D4U diagram[2] showing the IPMI can be accessed directly through its dedicated NIC and also sideband through one of the main NICs.
