Subject: Gibe worm, more clues to who is infected
To: None <port-sun3@netbsd.org>
From: Curtis H. Wilbar Jr. <bsd@hawkmountain.net>
List: port-sun3
Date: 09/20/2003 14:22:39

OK, in addition to the below, here is some more that came in:

I've decided to list mailservers and client IPs separately, as I don't
think the correlation between mailserver and client is particularly important
at helping identify the infected party....

mailservers:

199.185.220.240 defout.telus.net
207.217.120.22  hawk.mail.pas.earthlink.net
199.185.220.220 outbound01.telus.net

clients (your machine):

137.186.203.155 a6jw43f5y37cg.ab.hsia.telus.net
69.22.73.72     user-12hcia8.cable.mindspring.com

-- Curt

------------- Begin Forwarded Message -------------

Date: Sat, 20 Sep 2003 12:43:58 -0400 (EDT)
From: "Curtis H. Wilbar Jr." <bsd@hawkmountain.net>
Subject: Gibe worm, clues to who is infected
To: port-sun3@NetBSD.org
MIME-Version: 1.0
Content-MD5: KDthT2ds2h+doqydXe7OEg==



Well, here is some info from a few of the attempts at infection.  Hopefully
this will help you identify if your computer is the one infected.

mailserver IP (mailserver name) / infected IP (infected name)

209.208.115.64 (not69box.atlantic.net) / 209.208.117.75 (daytona-as-2-ip-28.atlantic.net)

195.121.6.38  (smtp09.wxs.nl) / 195.121.115.21 (ipc3797315.dial.planet.nl)

194.134.35.133 (smtp1.euronet.nl) / 81.69.49.36 (wg-c-11324.mxs.adsl.euronet.nl)

So, if your IP is one to the right of the '/', or you use the
mailserver to the left of the '/', then please.... check your machine.

Alternately, if you know nothing of the IPs or names, if you're part of
atlantic.net, wxs.nl, or euronet.nl, check your machines.

Hopefully this will help the infected party find out they are infected so
they can help stop the spread of gibe (as well as disinfect their machine).

-- Curt



------------- End Forwarded Message -------------