Even if one could magically configure a stateful firewall to be invulnerable to state table exhaustion attacks, it still serves no purpose. When you're fronting a server farm, the point is to allow access to the site on the correct ports. Stateless ACLs in hardware do that, and function at millions of packets per second. Stateful firewalls start dying at a fraction of theoretical throughput when faced with an attack that specifically targets the state table. There are no network state attacks against web services that aren't better handled on the servers. The place for stateful firewalls is in front of clients, where you want to disallow packets that aren't part of a conversation started from the inside.

STATEFUL firewalls are the problem. It makes no sense to put stateful firewalls in front of server farms. Any mechanism that tracks state is a DDoS intensifier. If you're running services on ports 80 and 443, put stateless ACLs on the edge routers, running in hardware, that are capable of line rate. That protects you against traffic on inappropriate ports without creating a stateful DDoS vector. If you need to mitigate application-layer attacks, do it on the servers with something like mod_security. That way you can distribute the attack across the server farm instead of running a stateful choke point that risks bringing your whole site down.

I am a long-time search and rescue technician in Colorado. I got my ham license expressly for SAR work. The short answer is that amateur radio works great in some locations; not at all in others. We use a combination of emergency services radios, amateur radio, and cell phones. We have satellite phones available but I don't recall ever using them.

Personally, I would recommend a SPOT beacon. The newer ones allow you to signal a 911-level emergency, a non-emergent help signal, or an OK signal, along with GPS coordinates. They are lighter than ham HTs and will work in more locations.