Anywhere from a couple of minutes to a pretty much constant and neverending stream of junk. The mean and median would both be in the "days" range, though often it'll run for a day or two, go away for a few days, then come back again (usually slightly different and more damaging).
The short answer is, "until it stops".
Afaik, there aren't any good statistics on averages, and intensities - most attacks go unreported publicly. As many have already mentioned your best, and probably only, bet is to have a candid discussion with your ISP, and rely on their knowledge and experience.
Typically, depending on the tools available and skills of the administrators, you'll be offered with various tradeoffs between site accessibility to the outside world and effectiveness at filtering the DDoS, which will tend to work well enough.
If this sort of attack happens to you frequently, or goes on for more than a few days, it may be worth investing in a better equipped ISP, or, if you're high enough upstream to be responsible for your own DDoS protection, investing into better security tools and people.
Once I had a rather innovative incident in which conduit's toolbar was used to do a ddos on one of my websites. The toolbar designer had thousands of his user constantly ping my website. It went on for more than a month.
We have had one going on for 2 weeks now and no sign of it slowing down - i guess they last as long as the attacker has the resources to continue. The crucial thing is to get as much filtering protection as you can with your hosts. If they are any good they will get on top of it for you although as pointed out by Joe above, it's not free. We are amazed in the UK, there's no single body you can go to to report an attack to or get any kind of investigation going.... i guess the authorities are way behind on this. Having talked to our hosts they say it's definitely a growing trend (most go unreported) so it's best to be prepared.
Until you can setup a system which will mitigate the attack, or when the attacker's demands are met, if there are any, but if there aren't any it will take until he gets bored.
as mentioned above a Ddos attack varies in its length of time, normally it should not be that much of a problem if your hosting company / ISP can put measures in place to filter the traffic and block a majority of it.
at the start of last year our company encountered problems from a ddos attack which lasted 2.5 days more or less, it was a low amount of traffic but enough to slow our services at first. our ISP reacted immediately when it was reported to them and they filtered traffic to negate any impact it may of been having. the block remained in place for 2 days when they then reported the traffic had stopped.
