They're related to tracking shortcuts, and I can't think of any reason someone would request them from your Web site. I'm not aware that those files would be useful in a malicious attack. I just checked the logs on a busy public server, and didn't find any such requests, so it's not a common problem.
I could tell you more if you include the full log entries.
This was first published in May 2003