hi Seymour.
The attack is named by "directory traversal".
There are almost non-sense if someone get the contents of /etc/passwd.
I think it is just a mischief or checking the security level of your site.
Since there are a certain numbers of XSS scanner,
it is quite natural if "directory traversal scanner" exists.