by joecode 5783 days ago
Lesson: Put a password on your router.
2 comments

That doesn't necessarily solve the problem. The attack needs to login to some routers to extract the MAC address, but others provide it willingly without login (I believe DD-WRT does this on the default logged-out status page, for example, although I can't check at the moment).
Or even better, change the default IP address for the admin login. This attack relies on a bunch of hidden iframes loading IPs that are common default addresses of the admin login page.
How's that better? That's like changing the port SSH listens on to 2222 even though root's password is "root".
Twice I've had routers notify me that 192.168.0.1 is in use by another network service and automatically remap its own services to 10.0.0.x. One of these times was due to a DSL modem's web administration being on 192.168.0.1.
Let's assume the user is on 192.168.50.0/24. Can his attack figure that out?
The attack/code he showed cannot, but what you can do is write different iframes. Here is an example:

a+'.'+b+'.'+c+'.'+d

where a=192, b=168, c=0-255, d=0-255

Of course this could be any private network address range[1]. Next you would use document.write or .innertext to make these iframes. Personally I wouldn't stop at the first one. I would log all the frames that loaded into an array and from there test them further. I would also get the user's IP address and tack on :80, :8080, :21, etc. and see what I am presented with: web torrent frontends, ftp servers, etc.

[1] http://en.wikipedia.org/wiki/Private_network

This will take forever, and also make the user's browser unresponsive.

// loop counters fixed (the original mixed c/d with i/j) and the missing quote after "192.168." added
for (var c = 0; c < 255; c++) {
  for (var d = 0; d < 255; d++) {
    document.write('<iframe height="1" width="1" src="http://192.168.' + c + '.' + d + '" id="' + c + '.' + d + '" name="' + c + '.' + d + '"></iframe>');
  }
}

<iframe> portscans, wow.

For a massively-deployed hack like Samy's, it makes plenty of sense to just check the small handful of major-brand wifi routers.

I totally agree. You should only be checking for routers that have known vulnerabilities, but that was not the initial question.